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Preface 


Logic has many faces. Some of them look toward abstract propositions and 
meanings, underpinned by the notion of truth as quiet reflection of reality 
within language. In this view, logic involves no agency at all, as propositions 
are true or false for all eternity. 

But perhaps the central theme of logic since Aristotle is that of infer- 
ence, which intuitively involves one (idealized) agent doing derivations and 
inspecting arguments in his or her mind. 

In the last decades, many-agent activities have come to the fore. A major 
research focus nowadays is the field of interactive logic, studying commu- 
nication, argumentation, and intelligent interaction in general. These new 
developments include dynamic logic, old and new epistemic logics, logics of 
games, social choice, and other areas. Parikh has coined the phrase social 
software for the investigation of the formal structure of social procedures 
with the means of logic and related areas of computer science. 

But at the end of the day, this latest trend is also a return to the sources. 
Logic in both its Western and Eastern origins started from the study of 
argumentation, communication, and legal procedure, as is amply demon- 
strated by early texts on the law of non-contradiction and other inferential 
phenomena. 


The 7th Augustus de Morgan Workshop was held at King’s College 
London from November 4th to 7th, 2005 under the title INTERACTIVE 
LOGIC: Games and Social Software. It brought together a lively commu- 
nity of logicians working on various key aspects of the interactive turn. The 
present volume is a collection of fully refereed papers based on the presen- 
tations at the workshop. 


The Augustus De Morgan Workshops 


The Augustus De Morgan Workshops address interdisciplinary areas con- 
cerning logics devised and used to model human reasoning, actions and 
behaviour. Such models arise in various practical and theoretical areas 
striving to provide devices that help/replace the human in his daily activity 
and require, by their very nature, an interdisciplinary cooperation involving 
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mathematical logic, automated deduction, knowledge representation and 
reasoning, artificial intelligence, multi-agent systems, natural language pro- 
cessing, philosophy, linguistics, law, etc. 

In 1999, a plan was made to hold an Augustus De Morgan Workshop 
every year, devoted to an important interdisciplinary applied logic area and 
to invite some of the best and most active researchers in this area to focus 
on some clear problems. These workshops honour Augustus De Morgan 
(1806-1871) who was a Professor of Mathematics at London University. 

The first six Augustus De Morgan Workshops took place in the years 
1999 to 2004 and covered topics from history of logic via belief revision to 
Logic & Law. 


ADMW 2005 and this volume 


The seventh Augustus de Morgan Workshop was a close collaboration of the 
logicians at King’s College London and at the Institute for Logic, Language 
and Computation (ILLC) in Amsterdam. 
The organizers planned the event in the tradition of the conference se- 
ries TARK and LOFT; and for many participants, ADMW 2005 (London, 
November 2005), LOFT 2006 (Liverpool, July 2006), and the workshop New 
Perspectives on Games and Interaction at the Royal Academy in Amster- 
dam (February 2007) constituted a natural sequence of events in the field 
of interactive logic. It is fitting that the proceedings of the other two events 
will also appear in the same new book series, Texts in Logic and Games. 
This book series of which this is the first volume was conceived of in 
London during ADMW 2005. The Managing Editors to be met to discuss 
the set-up of the series and quickly found eminent members for the future 
Advisory Board. We are proud to have the present ADMW 2005 proceedings 
as the inaugural volume of the new series, which will hopefully become a 
focus in the area. 
This volume contains eleven original research contributions that were 
reviewed to the high standards of an international research journal. Twenty- 
four referees helped us to review the twenty-one submissions and select 
twelve of them for the volume. In many cases, the referee reports were very 
detailed and led to considerable improvements of the papers. We would 
like to thank all anonymous referees for their support—the quality of this 
volume is testimony to their efforts. 
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Abstract 


We consider the following questions: What kind of logic has a nat- 
ural semantics in multi-player (rather than 2-player) games? How 
can we express branching quantifiers, and other partial-information 
constructs, with a properly compositional syntax and semantics? We 
develop a logic in answer to these questions, with a formal seman- 
tics based on multiple concurrent strategies, formalized as closure 
operators on Kahn-Plotkin concrete domains. Partial information 
constraints are represented as co-closure operators. We address the 
syntactic issues by treating syntactic constituents, including quanti- 
fiers, as arrows in a category, with arities and co-arities. This enables 
a fully compositional account of a wide range of features in a multi- 
agent, concurrent setting, including IF-style quantifiers. 


1 Introduction 


We begin with the following quote from the manifesto of the 7th Augustus 
de Morgan workshop: 


Traditionally, logic has dealt with the zero-agent notion of truth and 
the one-agent notion of reasoning. In the last decades, research focus 
in logic shifted from these topics to the vast field of “interactive logic” , 
encompassing logics of communication and interaction. The main 
applications of this move to n-agent notions are logical approaches to 
games and social software. 


However, while there are certainly applications of multi-modal logics to 
reasoning about n-person games (see e.g. [Pa7Pas503, Pa702]), the more 


* This paper is an updated and reprinted version of “Socially Responsive, Environmen- 
tally Friendly Logic”, published in [Ah Pi106, pp. 17-45]. The author and the volume 
editors would like to thank the copyright holder, the Philosophical Society of Finland, 
for their kind permission to reprint the paper in this volume. 


Johan van Benthem, Dov Gabbay, Benedikt Löwe (eds.). Interactive Logic. Proceedings of 
the 7th Augustus de Morgan Workshop, London. Texts in Logic and Games 1, Amsterdam 
University Press 2007, pp. 11—47. 


12 S. Abramsky 


intimate connections between Games and Logic which manifest themselves 
in various forms of Game Semantics have all, to the best of our knowledge, 
been based on 2-person games. We are therefore led to consider the following 
question: 


What kind of logic has a natural semantics in multi-player 
(rather than 2-player) games? 


Another topic which has been studied extensively in recent years has 
been the logical aspects of games of imperfect information, starting with 
Henkin-style branching quantifiers [He;61], and Hintikka’s game-theoretical 
interpretation of these, and continuing with the IF-logic of Hintikka and 
Sandu [Hi,Sa4,89, Hi,Sa,95, Hi;Sa,96]. The issue of whether and how a 
compositional semantics for IF-logic can be given has been studied by several 
authors, particularly Wilfrid Hodges [Ho,97a]. However, there is an even 
more basic question which does not seem to have received much, if any, 
attention: namely, how to give a properly compositional syntax for such 
constructs. For example, how can we build up a formula with branching 
quantifiers piece by piece? It might seem that IF-logic sweeps this question 
aside, since it does on the face of it have a compositional syntax. However, 
more careful consideration shows that the scope issues raised by the IF 
quantifiers and connectives do not fit into the usual pattern of variable- 
binding operators. 

Our aim in the present paper is to develop a logical syntax, and an 
accompanying formal semantics, which addresses both these questions. The 
semantics is naturally phrased in terms of strategies for n-person games; 
and it will fit well with our compositional analysis of partial information 
constructs. Both our syntactical and semantical explorations will bring to 
light some rather unexpected connections to developments in Theoretical 
Computer Science. 

Many of the ideas in this paper were first presented in a lecture given at 
the 11th Amsterdam Colloquium in December 1997. Some of the underlying 
technical notions are developed in rather different contexts in a number 
of other papers [AbJa194, AbMe,99, Ab00a, Ab03]. One motivation for 
writing this paper is to attempt to communicate some of the techniques 
and concepts which have been developed within the Theoretical Computer 
Science semantics community to a broader audience. We have therefore 
tried to present the ideas in a self-contained fashion, and in a fairly expansive 
expository style. The present paper is a revised and expanded version of a 
paper which first appeared as [Ab06]. 
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2 From 2-person to n-person games 
2.1 The naturalness of 2-person games 


The basic metaphor of Game Semantics of Logic is that the players stand for 
Proponent and Opponent, or Verifier and Falsifier, or (with Computer 
Science motivation) for System and Environment. This 2-agent view 
sets up a natural duality, which arises by interchanging the roles of the two 
players. This duality is crucial in defining the key notion of composition of 
strategies in the Game Semantics developed in Computer Science. It stands 
as the Game-Semantical correlate of the logical notion of polarity, and the 
categorical notions of domain and codomain, and co- and contra-variance. 
So this link between Logic and 2-person games runs deep, and should 
make us wary of facile generalization. It can be seen as having the same 
weight as the binary nature of composition in Categories, or of the Cut Rule 
in Logic. Are there good multi-ary generalizations of these notions? 
Nevertheless ... we shall put forward a simple system which seems to 
us to offer a natural generalization. We shall validate this notion to the 
extent of providing a precise and (in our opinion) elegant semantics in n- 
person games. This at least has the merit of broaching the topic, and 
putting a clear, if far from comprehensive, proposal on the table. There are 
undoubtedly many further subtleties to explore, but it is a start. 


2.2 Background: 2-person games 

As a starting point, we shall briefly review a Hintikka-style ‘Game-Theor- 
etical Semantics’ of ordinary first-order logic, in negation normal form. Thus 
formulas are built from literals by conjunction, disjunction, and universal 
and existential quantification. Given a model M, a game is assigned to each 
sentence as follows. (We shall be informal here, just as Hintikka invariably 
is.) 


e Literals A(a1,...,an), ~A(ai,...,@n). The game is trivial in this 
case. There is a winning move for Verifier if the literal is true in the 
model, and a winning move for Falsifier otherwise. 


e Conjunction Yı ^A yo. The game G(yi A p2) has a first move by 
Falsifier which chooses one of the sub-formulas y;, i = 1,2. It then 
proceeds with G(y;). 


e Disjunction G(y1 V p2) has a first move by Verifier which chooses 
one of the sub-formulas y;, i = 1,2. It then proceeds with G(y;). 


e Universal Quantification G(Vz.y) has a first move by Falsifier, 
which chooses an element a of M. The game proceeds as G(y|a/z]). 


e Existential Quantification Dually, Verifier chooses the element. 
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The point of this interpretation is that M — y in the usual Tarskian sense 
if and only if Verifier has a winning strategy for G(y). 

Note that there is a very natural game-semantical interpretation of nega- 
tion: G(-y) is the same game as G(y), but with the rôles of Verifier and 
Falsifier interchanged. 


2.3 An aside 


In fact, the above Game semantics should really be seen as applying to the 
additive fragment of Linear Logic, rather than to Classical Logic. Note in 
particular that it fails to yield a proper analysis of implication, surely the 
key logical connective. 

Indeed, if we render y > Ww as ~y V 4, then note that G(-~y V 4) 
does not allow for any flow of information between the antecedent and the 
consequent of the implication. At the very first step, one of ~y or p is 
chosen, and the other is discarded.' In order to have the possibility of such 
information flow, it is necessary for G(-=y) and G(q) to run concurrently. 
This takes us into the realm of the multiplicative connectives in the sense of 
Linear Logic [Gi287]. The game-theoretical interpretation of negation also 
belongs to the multiplicative level. 


2.4 From 2-person to n-person games 


We shall now describe a simple syntax which will carry a natural inter- 
pretation in n-agent games. We say that the resulting logic is “socially 
responsive” in that it allows for the actions of multiple agents. 

We fix, once and for all, a set of agents A, ranged over by a, {,... 

We introduce an A-indexed family of binary connectives ®a, and an 
A-indexed family of quantifiers Qa. Thus we have a syntax: 


py = L | Pat | Qar. y. 


(Here L ranges over literals.) 

The intended interpretation of yaY is a game in which agent a initially 
chooses either y or w, and then play proceeds in the game corresponding 
to the chosen sub-formula. Similarly, for Qaz. y, a initially chooses an 
instance a for x, and play proceeds as for yļa/zx]. 


2.4.1 2-person games as a special case 
If we take A = {V, F}, then we can make the following identifications: 


v =V, Fr =A, Qv = , Qr =V. 

1 This is of course quite analogous to the “paradoxes of material implication”. Our 
point is that the game structure, if taken seriously as a way of articulating interactive 
behaviour, rather than merely being used as a carrier for standard model-theoretic 
notions, opens up new and more interesting possibilities. 
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2.4.2 Whither negation? 

In 2-person Game Semantics, negation is interpreted as rôle interchange. 
This generalizes in the multi-agent setting to rôle permutation. Each per- 
mutation 7 € S(A) (S(X) being the symmetric group on the set X) induces 
a logical operation 7#(y) of permutation of the rôles of the agents in the 
game corresponding to A. In the 2-agent cases, there are two permutations 
in S({V, F}), the identity (a ‘no-op’), and the transposition V @ F, which 
corresponds exactly to the usual game-theoretical negation. 


2.4.3 Other connectives 

In the light of our remarks about the essentially additive character (in the 
sense of Linear Logic) of the connectives ©, and their game-semantical 
interpretation, it is also natural to consider some multiplicative-style con- 
nectives. We shall introduce two very basic connectives of this kind, which 
will prove particularly useful for the compositional analysis of branching 
quantifiers: 


1. Parallel Composition, y||Ņ. The intended semantics is that G(y]||w) 
is the game in which play in G(y) and G(w) proceeds in parallel. 


2. Sequential Composition, y - 7). Here we firstly play in G(y) to a 
conclusion, and then play in G(w). 


It will also be useful to introduce a constant 1 for a “neutral” or “vacuously 
true” proposition. The intended semantics is an empty game, in which 
nothing happens. Thus we should expect 1 to be a unit for both sequential 
and parallel composition. 

Thus the syntax for our multi-agent logic £4 stands as follows: 


p = 1 | A | pay | Qarip | od | ply | îl). 
Here A ranges over atomic formulas, and m € S(A). 


2.4.4 Quantifiers as particles 

The syntax of L4 is more powerful than may first appear. Consider an idea 
which may seem strange at first, although it has also arisen in Dynamic 
Game Logic [vB03] and implicitly in the semantics of non-deterministic 
programming languages [ApP1,81]. Instead of treating quantifiers as prefix- 
ing operators Q_v.y in the usual way, we can consider them as stand-alone 
particles Qax = Qauz.1. We should expect to have 


(Qaz): = (Qor-1)-¢ = Qozr-(1-~) = Qat. g. (1.1) 


Thus this particle view of quantifiers does not lose any generality with re- 
spect to the usual syntax for quantification. But we can also express much 
more: 


(Vry) || (Vudv)]- A(z, y, u, v). 
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This is the Henkin quantifier, expressed compositionally in the syntax of 
La.” More generally: 


Proposition 2.1. Every partially-ordered quantifier prefix in which the 
partial order is a series-parallel poset can be expressed in the syntax of L4. 


We could therefore recast the grammar of £4 as follows: 


yp == A | PaP | Qax | vv | oll | #(y). 


However, we shall stick to the previous syntax, as this is more familiar, and 
will provide us with an independent check that the expected equivalences 
(1.1) hold. 


3 Semantics of Ly 


We shall now develop a semantics for this logic. This semantics will be built 
in two levels: 


1. Static Semantics of Formulas To each formula y € Ly, we shall 
assign a form of game rich enough to allow for concurrent actions, and 
for rather general forms of temporal or causal dependency between 
moves. This assignment will be fully compositional. 


2. Dynamic Semantics We then formulate a notion of strategy for these 
games. For each agent a € A there will be a notion of a-strategy. We 
shall show to build strategies for the games arising from formulas, 
compositionally from the strategies for the sub-formulas. We shall 
also define the key notion of how to evaluate strategy profiles, i.e. a 
choice of strategy for each agent, interacting with each other to reach a 
collective outcome. We shall find an elegant mathematical expression 
for this, prima facie very complicated, operational notion. 


We shall also discuss the notion of valuation of an outcome, on the 
basis of which logical notions of validity, or game-theoretical notions 
of equilibria can be defined. However, we shall find that a fully com- 
positional account of valuations will require the more refined analysis 
of syntax to be given in the next section. 


3.1 Static semantics: concrete data structures as concurrent 
games 

The structures we shall find convenient, and indeed very natural, to use as 

our formal representations of games were introduced by Gilles Kahn and 

Gordon Plotkin in 1975 (although their paper only appeared in a journal 


2 A similar analysis of branching quantifier syntax appears in the appendix to [vB03]; 
my thanks to Johan van Benthem for pointing out this reference to me. 
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in 1993; cf. |KaoPl178, KaoPl193]). They arose for Kahn and Plotkin in 
providing a representation theory for their notion of concrete domains. The 
term used by Kahn and Plotkin for these structures was information ma- 
trices; subsequently, they have usually been called concrete data structures, 
and we shall follow this latter terminology (although in some ways, the 
original name is more evocative in our context of use). 

What, then, is a concrete data structure (CDS)? It is a structure 


M = (C, V, D, FH) 
where: 


e C is a set of cells, or ‘loci of decisions’—places where the agent can 
make their moves. These cells have a spatio-temporal significance: 
they both allow the distributed nature of multi-agent interactions to 
be articulated, and also capture a causal or temporal flow between 
events, as we shall see. 


e V is a set of ‘values’, which label the choices which can be made by 
the agents from their menus of possible moves: for example, choosing 
the first or second branch of a compound formula Y Pa Y, or choosing 
an instance for a quantifier. 


e DC CxV isa set of decisions, representing the possible choices which 
can be made for how to ‘fill’ a cell. Note that specifying D allows some 
primitive typing for cells; only certain choices are appropriate for each 
given cell. (The more usual terminology for decisions is ‘events’; here 
we have followed Kahn and Plotkin’s original terminology, which is 
very apt for our purposes.) 


e The relation F C Ps(D) x C is an enabling relation which determines 
the possible temporal flows of events in a CDS. (P(X) is the set of 
finite subsets of X.) 


A state or configuration over a CDS M is a set s C D such that: 
e sis a partial function, i.e. each cell is filled at most once. 
e If (c,v) € s, then there is a sequence of decisions 
(C1, v01), . <- , (Ck, Uk) = (c, v) 
in s such that, for all j, 1 < j < k, for some T; C {(c;, v;i) | 1 <i < j}: 
TyC: 


This is a “causal well-foundedness” condition. (Kahn and Plotkin 
phrase it as: “c has a proof in x”.) Note that, in order for there to be 
any non-empty states, there must be initial cells co such that ØF co. 
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We write D(M) for the set of states, partially ordered by set inclusion. This 
is a concrete domain in the sense of Kahn and Plotkin. In particular, it is 
closed under directed unions and unions of bounded families, and the finite 
states form a basis of compact elements, so it is algebraic. 

To obtain a structure to represent a multi-agent game, we shall consider 
a CDS M augmented with a labelling map 


àm : CM — A 


which indicates which agent is responsible for filling each cell. We call 
(M, Am) an A-game. 

We are now ready to specify the compositional assignment of an A-game 
to each formula of L4. We assume a set Z which will be used as the domain 
of quantification. We shall use W for the disjoint union of sets. 


e Constant 1. This is assigned the empty CDS (Ø, Ø, 5, Ø). 
e Atomic formulas A. These are assigned the empty CDS (Ø, Ø, 2, Ø). 


e Choice connectives Y Gg Y. Let 


M=[y], N= fv] 


be the CDS assigned to y and 4, with labelling functions Awm and Ay. 
Then the CDS M 6, N is defined as follows: 


(CuWwCn {co}, Vu UVn U{1, 2}, DytDn{(co, 1), (co, 2)}, Fmoan) 


where 
FMaaN Co 


(co, 1), T CMPaN C => T TM C 


(co, 2), T -“MO@oNC => Tye. 


This is the standard separated sum construction on CDS as in 
[KapP1,93]. Pictorially: 


Initially, only the new cell co is enabled. It can be filled with either of 
the values 1 or 2. If it is filled by 1, we can proceed as in M = fọ], 


Game Semantics for Multi-Agent Logics 19 


while if it is filled with 2, we proceed as in N = [y]. This makes the 
usual informal specification precise, in a rather general setting. 


To complete the specification of M Ba N as an A-game, we specify 
the labelling function Amea N: 

co |= a 

c > Am(c) (cE Cu) 

c Fr Anlo) (CE Cy). 


As expected, the initial cell co must be filled by the agent a; other 
cells are filled as in the corresponding sub-games. 


Quantifiers Qax. y. Let M = [y]. 


Qa(M) = (Cu ¥ {co}, Vm UT, Dm ¥ ({co} x Z),FeQ.(m)): 


FQa(M) €o 
(co, a), T Foam) € <> Tryec (la ET). 


This is a variant of the standard lifting construction on CDS. 


Initially, only the new cell co is enabled. It can be filled with any choice 
of individual a from the domain of quantification Z. Subsequently, we 
play as in M. The labelling function, Ag, (m): 


cor Q, ch Am(c) (cE Cy). 


Although the interpretation of the quantifier particle Qax = Qau.1 
can be derived from the definitions already given, we set it out explic- 
itly to show how simple and natural it is: 


[Qax] = ({co}, Z, {co} x Z, {F co}), 


with labelling function co + a. Thus the game consists of a single 
cell, labelled by a, initially enabled, in which any element from Z can 
be chosen — a true “particle of action” in a multi-agent setting. 
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e Parallel Composition y||~. Let M = [y], N = [y]: we define 
M||N = (Cu W CN, Vm © Vn, Dm © Dn,ku Y Fy). 


The labelling function is defined by: 


Pictorially: 


fi] 


Decisions in M and N can be made concurrently, with no causal or 
temporal constraints between them. This is the standard product con- 
struction on CDS. 


Sequential Composition y-w. We say that a state s € D(M) is 
maximal if 
vte D(M)[s Ct > s=t]. 


We write Max(M) for the set of maximal elements of D(M). 
Let M = [y], N = [y]: we define 


M-N = (Cyt Cy, Vu YVyn, Dm Y Dy,km.n), 
where 


TF Fmne <— Twtke v T =sUA A s € Max(M) A AF  c). 


The idea is that firstly we reach a maximal state in M—a “complete 
play”—and then we can continue in N. Note that this construction 
makes sense for arbitrary CDS M, N. Even if M has infinite maximal 


Pictorially: 
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states, the finitary nature of the enabling relation means that no events 
from N can occur in M - N following an infinite play in M. 


The labelling function is defined by: 


Note that the difference between M||N and M - N is purely one of 
temporality or causality: when events can occur (or, in the alternative 
terminology, decisions can be made) relative to each other. 


e Role Switching 7(y), 7 E€ S(A). The CDS [7(y)] is the same as 
M = [y]. However: 
Ae(M) =T7 0 ÀM- 


3.2 Dynamic semantics: concurrent strategies 


We now turn to the task of defining a suitable notion of strategy for our 
games. We shall view a strategy for an agent a on the game M as a function 
o : D(M) —> D(M). The idea is that o(s) shows the moves which agent a 
would make, in the situation represented by the state s, when following the 
strategy represented by ø. Some formal features of o follow immediately 
from this: 


e (S1) Since past moves cannot be undone, we must have s C a(s), 
i.e. 0 is increasing. 


e (S2) If (c, v) € a(s) \ s, it must be the case that Am (c) = a, since a 
is only able to make decisions in its own cells. 


We shall impose two further conditions. While not quite as compelling as 
the two above, they also have clear motivations. 


e (S3) Idempotence: o(a(s)) = o(s). Since the only information in o(s) 
over and above what is in s is what o put there, this is a reason- 
able normalizing assumption. It avoids situations where ø proceeds 
‘slowly’, making decisions in several steps which it could have taken in 
one step (since the information from the Environment, i.e. the other 
agents, has not changed). 


e (S4) Monotonicity: s C t = o(s) C o(t). This condition reflects 
the idea that states only contain positive information. The fact that 
a cell c has not been filled yet is not a definite, irrevocable piece of 
information. Another strategy, working on behalf of another agent, 
may be running concurrently with us, and just about to fill c. 
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Finally, there is a more technical point, which is a necessary complement 
to the above conditions. We take ø to be a function on D(M)', which 
is obtained by adjoining a top element T to D(M). Note that, since ø 
is increasing, we must have o(T) = T. The significance of adding a top 
element to the codomain is that it allows for partial strategies, which are 
undefined in some situations. 

The following result is standard. 


Proposition 3.1. D(M)' is an algebraic complete lattice. 


Taking the conditions (S1), (S3), (S4) together says that ø is a closure 
operator on D(M)'. A closure operator additionally satisfying (S2) is said 
to be an a-closure operator. We write Cla(M) for the set of a-closure 
operators on D(M)'. 

The full specification of the game based on a CDS M will comprise a 
set of strategies S,(M) C Cla(M) for each agent a. By limiting the set of 
strategies suitably, we can in effect impose constraints on the information 
available to agents. 


3.2.1 Inductive construction of strategy sets 

There are several approaches to defining the strategy sets Sa. We are in- 
terested in compositional definitions of Sa([y]]). There are two main ap- 
proaches to such definitions, both of which have been extensively deployed 
in Game Semantics as developed in Computer Science. 


1. We can define the strategy sets themselves directly, by induction on 
the construction on y. This is the “global” approach. It is akin 
to realizability, and in general leads to strategy sets of high logical 
complexity. See [AbMe,99, Ab00b] for examples of this approach. 


2. We can use an indirect, more “local” approach, in which we add some 
structure to the underlying games, and use this to state conditions 
on strategies, usually phrased as conditions on individual plays or 
runs of strategies. Sa([p]) is then defined to be the set of strate- 
gies in Cl.([y]) satisfying these conditions. This has in fact been the 
main approach used in the Game Semantics of programming languages 
[AbJa;Ma,00, HypOn00]. However, this approach has not been devel- 
oped for the kind of concurrent, multi-agent games being considered 
here. 


It seems that both of these approaches may be of interest in the present 
context. We therefore show how both can be applied to the semantics of 
La. We begin with the local approach, which is perhaps closer to the 
intuitions. 
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3.2.2 Local conditions on strategies 

The idea is to capture, as part of the structure of the underlying game, 
which information about the current state should be available to agent a 
when it makes a decision at cell c. This can be formalized by a function 


ym : Cu — [D(M) — D(M)] 


which for each cell c assigns a function ym(c) on states. The idea is that, 
if Am(c) = a, yau(c)(s) restricts s to the part which should be visible 
to agent a, and on the basis of which he has to decide how to fill c. It 
follows that ym(c) should be decreasing: yu(c)(x) C x. Note the duality 
of this condition to (S1). We add the assumptions of monotonicity and 
idempotence, with much the same motivation as for strategies. It follows 
that yar(c) is a co-closure operator. 


3.2.3 Notation 
Remembering that a state s € D(M) is a partial function, we write s\\c 
to mean that s is defined at the cell c, or that “s fills ce’, as it is usually 
expressed. Also, we write Cf, for the set of a-labelled cells in Cm. 

Now, given such a function ym, we can define the strategy set Sa( M): 


Sal M) = {0 € Cla(M) | 
Ys € D(M) Nc € Chy.[o(s)\e => o(yu(c)(s))\c]}. (1.2) 


Thus the information constraint imposed by ym is expressed by the condi- 
tion that ø can only make a decision at cell c in state s if it would have 
made the same decision in the smaller (less information) state yj,(c)(s).° 
This is a direct analogue of the use of views in Hyland-Ong style games 
[Hy On00] to define ‘innocent strategies’. However, apart from the more 
general format of our games, there is greater flexibility in the provision of 
the function ym as a separate component of the game structure, whereas 
specific view functions are built into the fabric of HO-games. 


We now show how the functions 7.) can be defined, compositionally in y. 
e Atomic formulas, and constant 1. This case is trivial, since the 
set of cells is empty. 
e Choice connectives Y a Y. Let M = [y], N = [y]. We define 
YM@aN by: 
SO, c = Co 
YM@aN(C)(S) = 4 {(co,1)} U ym (6)(s \ (c,1)), (c E€ Cm) 
{(co,2)} U yx (6) (s \ (6 2)), (c € Cy). 


3 It appears that our condition only requires that the cell c be filled somehow in 
ym (c)(x); however, monotonicity of ø ensures that if it is filled in ym(c)(s), then 
it must be filled with the same value in s. 
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Quantifiers Qa.. Let M = [y]. 


VQa(M)(Co)(s) = Ø, 
Yeamy(e)({(co,a)} Ys) = {(co,a)} U ym(c)(s) (c€ Cm). 


Thus the choice initially made by a to decide the value of the quantifier 
is visible to all the agents. 


Parallel Composition y]||7. Let M = [y], N = [y]. We define 
Yun by: 


_ Jru(c)(mm(s)), c€ Cu 
yan (c)(s) = ae a 


Here mm, Ty are the projection functions; e.g. 
tu(s) = {(c,v) E€ s| ce Cm}. 


Thus the view at a cell in the sub-game M or N is what it would 
have been if we were playing only in that sub-game. This implements 
a complete block on information flow between the two sub-games. It 
can be seen as corresponding directly to the Linear Logic connective 
®. 


Sequential Composition y - y. Let M = [y], N = [y]. We define 
Ym-n by: 


= ym(c)(Tm(s)), c E€ CM 
ym-n(c)(s) = E U WIC Saen 


Thus while we are playing in M, visibility is at it was in that sub- 
game. When we have finished a complete play s in M and start to 
play in N, we can see the whole completed play s, together with what 
is visible in the sub-game NV. 


Role Permutation 7(y). We set y#(,)) = jy]: The same infor- 
mation is available from each cell; but, for example, if agent a had 
more information available than agent 8 in M, that advantage will be 
transferred to 8 in 7(M) if m interchanges a and £. 


3.2.4 Global definitions of strategy sets 


We define the strategy sets S,([y]) compositionally from the construction 
of y. The main point to note is the constructions on strategies which arise in 
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making these definitions; these show the functorial character of the game- 
semantical interpretation of the connectives, and point the way towards 
a semantics of proofs—or indeed, in the first instance, to what the proof 
system should be—for the logic. 


e Atomic formulas and constant 1. These cases are trivial, since 
the set of cells is empty. Thus D([A]) = D([1]) = {Ø}. We set 
So([A]) = Sa([1]) = {idto} }. 

Choice connectives Y Gq Y. Let M = [y], N = [y]. We firstly 
define some constructions on closure operators: 


ing : Cla(M) — Cla(M a N), ina: Cla(.N) — Cla(M 8a N) 
@: Cle(M) x Cla (N) — Clea(M Da N) (8 a a). 


For i = 1, 2: 
in;(o)(s) = oo Ua(s\{(co,4)}), (oj) Es > j=i 
T otherwise. 
o @® T(2) = Ø 


a © T({(co,1)} Hs) = {(co,1)} U o(s) 
a © T({(co,2)} Ht) = {(co,2)} U 7(¢). 


Thus inı (ø) is the strategy for a in M a N which firstly decides to 
play in M, and then subsequently plays like ø, which is (“inductively”) 
assumed to be a strategy for a in M. Similarly for ing(r). Note that 
both these strategies are “non-strict”: that is, in;(o)(@) will at least 
contain (co, i). This reflects the idea that agent a must play the first 
move in M ®a N, and nothing can happen until he does. The strategy 
o @T for another agent 6 #4 a must on the other hand “wait” at the 
initial state Ø until œ has made its decision. Once this has happened, 
it plays according to ø if the decision was to play in M, and according 
to T if the decision was to play in N. 


Note how the definitions of in1, ing show why strategies must in general 
be partial; there is a “self-consistency” condition that we should only 
be confronted with situations in which the decisions ascribed to us are 
indeed those we actually made. 


We now define the strategy sets for M ®a N: 


Sa(M@aN) = {iny(o) | o € Sa(M)}U {ino(r) | T € Sa(N)} 
SelM BaN) = {o@7|o€So(M) ATE S(N)} (84a). 
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e Quantifiers Q,(y). Let M = [y]. We define operations 


Daez : Cla(M)* — Cla(Qa(M)), (8 +a), 


and, for each a € T: 
upa : Cla( M) — Cla(Qa(M)). 


up, (o) (s) = pe Uø(s\ {(co,a)}), (co,b) Es > b=a 


are otherwise. 
(aera) (2) = © 
(Baezea)({(co,b)} Ws) = {(co,b)} U o(s). 


Note the similarity of these operations to those defined for the choice 
connectives. (In fact, the separated sum M @ N can be seen as the 
composite (M + N) of disjoint sum and lifting constructions.) Note 
also, in the definition of @gezoq, the dependence of the strategy op 
used to continue the play on the element b € Z initially chosen by a. 


We define the strategy sets as follows: 
Sa(Qa(M)) = {up,(7) |a eZ, € S.(M)} 
Sia(Qa(M)) {Gaeta | Va €L.0q E Sa(M)} (8 Fa). 


Parallel Composition ¢]||~. Let M = [vy], N = lW]. We define an 
operation 
| : Cla(M) x Cla(N) — Cla(M||N) 


oll7(s) = o(am(s)) Ut(rw(s)). 


This is just the functorial action of the product, and gives the “infor- 
mation independence” of play in the two sub-games. Now we define 
the strategy sets: 


‘ 


Sal MIIN) = follt |o € Sa(M) A TE SQ(N)}. 


Sequential Composition y- 7. Let M = [y], N = ly]. Given 
a € Cla(M), and a family (Ts)semax(m) © Cla (N) indexed by maximal 
states in M, we define: 


a(t), t € D(M),o(t) g Max(M) 


(a - (Ts)s)Œ) = 4 o(t) U To (2), tE D(M), olt) € Max( M) 
s U T(u), t=sUu,s E€ Max(M),u E€ D(N). 
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This allows for arbitrary dependency of agent a’s play in N on what 
previously occurred in M. Note that in the case that ø completes a 
maximal play s in M, control passes immediately to 7, to continue in 
N. We then define 


Sa(M-N) = {o-(ts)s|o E€ Sa(M) A Ys € Max(M).[7, E€ Sa(NV)]}. 


e Role Permutation 7(y). Let M = [yl]. Here we simply set 
Sal (M)) = Sr-1(a) (M). 


3.2.5 Comparison of the local and global definitions 
Having defined strategy sets in these two contrasting fashions, we must com- 
pare them. Let y be a formula of L4. We write S8(]y]) for the strategy set 
for [p] defined according to the global construction, and similarly S$! ([y]) 
for the local definition (1.2) using the visibility function 7,4). 


Proposition 3.2. For all y € Lu, SEC] © Sh (fel). 


Proof. A straightforward induction on y. Note in particular that o||7 sat- 
isfies the local condition (1.2) with respect to the parallel composition. 
Q.E.D. 


The converse is false in general. The strategies in S&([y]) have two 
important global properties which strategies satisfying the local condition 
(1.2) need not possess. 

Safety We define the domain dom(o) of a closure operator o € Cla( M) to 
be the least subset of D(M)" satisfying the following conditions: 


(D1) Ø €dom(c) 

(D2) s€dom(c) = o(s) € dom(c) 

(D3) S Cdom(o), S directed => US € dom(c) 
(D4) s€dom(o),s Cte D(M), 


[(c,v) €t\s > Am(c) 4a] => tE€dom(o). 


Note that (D1)-(D3) are the usual inductive definition of the set of iter- 
ations leading to the least fixpoint of ø. The condition (D4) gives this 
definition its game-theoretic or multi-agent character. 

We say that o is safe if T ¢ dom(c). Thus if ø is never confronted by 
a-moves that it would not itself have made, then whatever the other agents 
do it will not “crash” or “abort” (which is how we think of T). 


Proposition 3.3. For all y € L4, every strategy in S8([y]) is safe. 
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Progress We consider the following assumptions on strategies o € Cla(M): 


e (WP) If s € D(M) contains an enabling of some a-cell c which is not 
filled in s, then o(s) Æ s. In other words, ø does something (makes 
at least one decision) whenever it can. 


e (MP) For all s € D(M), if o(s) contains an enabling of some a-cell 
c, then it fills c. Thus o decides every a-cell as soon as it becomes 
accessible. 


We call (WP) the weak progress assumption and (MP) the maximal progress 
assumption. Clearly (MP) implies (WP). 


Lemma 3.4. The weak progress assumption implies the maximal progress 
assumption, and hence the two conditions are equivalent. 


Proof. Let o be an a-strategy not satisfying (MP). Then there must be 
a state s such that some a-cells are accessible but not filled in o(s). By 
idempotence, o(0(s)) = o(s), and hence o does not satisfy (WP). Q.E.D. 


Proposition 3.5. For all y € Lu, every strategy in S&([y]]) satisfies the 
maximal progress assumption (MP). 


Given an A-game M, we define S'S°(M) to be the set of all strategies in 
S! (M) which are safe and satisfy the weak progress assumption. 


Theorem 3.6 (Characterization Theorem). For all y € Ly, S8([y]) = 
Sa (fel). 


Proof. By induction on y. We indicate some cases. 


1. Parallel composition. For a strategy o € S!P(M||N), the visibility 
condition implies that o = 0 ||o2. The safety of o implies that of 
cı and og, and similarly (MP) for ø implies (MP) for cı and o2. 
Thus o; € S!P(M) and a2 € S!P(N), and we can apply the induction 
hypothesis. The case for sequential composition is similar. 


2. Choice connectives. Here the progress assumption implies that the 
strategy holding the initial cell must fill it. Safety implies that strate- 
gies for other players must have the form o @7. Play after the initial 
cell is filled reduces to play in the chosen sub-game, and we can apply 
the induction hypothesis. 


Q.E.D. 


Thus we explicitly characterize the “immanent” properties of the strat- 
egy sets S&([y]]) in terms of local conditions on information visibility, plus 
safety and liveness properties. 


Game Semantics for Multi-Agent Logics 29 


3.3 Evaluation of strategy profiles 


Consider a CDS M with a strategy set Sa for each agent a E€ A. A strategy 
profile is an A-tuple 
(Ca)aca € II Sa 
acA 

which picks out a choice of strategy for each a € A. The key operation in 
“bringing the semantics to life” is to define the result or outcome of playing 
these strategies off against each other. Given the concurrent nature of our 
games, and the complex forms of temporal dependency and information 
flow which may arise in them, it might seem that a formal definition of this 
operation will necessarily be highly complex and rather messy. In fact, our 
mathematical framework allows for a very elegant and clean definition. We 
shall use the notation (Ca)aca for this operation. It maps strategy profiles 
to states of M. The idea is that the state arising from (o9)aea will be 
that reached by starting in the initial state Ø, and repeatedly playing the 
strategies in the profile until no further moves can be made. The formal 
definition is as follows. 


Definition 3.7. We define (a4) ae. to be the least common fixpoint of the 
family of closure operators (Ca)aca; i-e. the least element s of D(M)" such 
that cals) = s for alla € A. 


The following Proposition (which is standard) guarantees that this def- 
inition makes sense. 


Proposition 3.8. Any family of closure operators C on a complete lattice 
L has a common least fixpoint. In case the lattice has finite height, or 
C = {c,...,¢n} is finite and the closure operators in C are continuous 
(i.e. preserve directed joins) this common least fixpoint can be obtained 
constructively by the expression 


VV c*¥(1), where c = c1 0-++ 0 Cp. 
kew 


Any permutation of the order of the composition in defining c, or indeed 
any “schedule” which ensures that each closure operator is applied infinitely 
often, will lead to the same result. 


We recall the notion of safety from the previous section. 


Proposition 3.9. Let (ga)aca be a strategy profile in which oy is safe for 
alla € A. Then (Cajaca £ T. 


Proof. We prove by transfinite induction on the iterations towards the least 
fixpoint that every state which is reached is in the domain of every strategy 
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in the profile. The base case is (D1), and the limit ordinal case is (D3). 
Applying some Ga to the current state stays in the domain of oa by (D2), 
and in the domain of every other strategy in the profile by (D4). Q.E.D. 


In particular, we know by Proposition 3.3 that this applies to our setting, 
where we have a formula y € L4, with corresponding CDS M = [y] and 
strategy sets Sa(|y]), a € A. Furthermore, we have: 


Proposition 3.10. For all y € Ly, and every strategy profile (Ca)aca E 
S8([¢]) = sae): 
(Fa)aea E Max([y]). 


Proof. Firstly, we know by Proposition 3.9 that (ga)aea # T. Let s = 
(Ja)acA- If s is not maximal, some cell c must be accessible but not filled in 
s. Suppose c is an a-cell. Since aq satisfies (WP), we must have a(s) Æ s, 
contradicting the definition of (oq)ae4 as a common fixpoint of all the 
strategies in the profile. Q.E.D. 


Thus the outcome of evaluating a strategy profile in the game arising 
from any formula is always a well-defined maximal state. 


We pause to mention another connection with Theoretical Computer 
Science. Our use of closure operators as strategies, and the definition of the 
evaluation of strategy profiles as least common fixpoints, builds on ideas 
which arose originally in the semantics of dataflow [Ja;Pa2Pi289] and con- 
current constraint programming [SasRioPa291]. They have also been ap- 
plied extensively to constraint programming and constraint propagation al- 
gorithms over the past decade [Ap97]. Our own previous development of 
these ideas appears in a number of papers [AbMe 199, Ab00a, Ab03]. 


3.4 Outcomes and valuations 


One ingredient which has been missing thus far in our account of the se- 
mantics of L4 has been any notion of payoff or utility in game-theoretic 
terms, or of truth-valuation in logical terms, which may serve as a basis 
for game-theoretical notions of equilibria or logical notions such as validity. 
The status of the standard notions on the logical side is far from clear when 
we pass to multi-agent games. However, we can certainly provide support 
for studying equilibrium notions in our framework, in such a way that these 
specialize to the usual logical notions in the two-agent case. We shall only 
enter into a preliminary discussion here, simply to indicate some of the 
possibilities. 

As we have just seen, for the games arising from formulas in £.4, eval- 
uation of strategy profiles always leads to maximal states. Moreover, the 
CDS corresponding to any formula has only finitely many cells (although if 
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T is infinite, so also will be the sets of values, decisions and states). Hence 
any state consists of only finitely many decisions. 


Proposition 3.11. For any closed formula y € £4, a maximal state in 
[y] corresponds to a combination of atomic sentences, built by series and 
parallel composition from (instances of) atomic subformulas of y. If ọ is 
built from atomic formulas using only the choice connectives and quanti- 
fiers, maximal states will correspond exactly to single instances of atomic 
subformulas. 


Proof. Given a maximal state s, we argue by induction on y. We indicate 
some cases: 


e pap. Then s contains (co, i). If i = 1, we continue with the formula 
y and the maximal state of |y] obtained by removing (co, 1) from s. 
Similarly if i = 2. 


e Qax. y. Then s contains (co, a). We continue inductively with y[a/z] 
and the maximal state of [y[a/z]] obtained by removing (co, a) from 
s. 


e ||. We continue inductively with y and mm(s), and with w and 
mn(s), and glue the results back together with parallel composition. 


e y-w. Essentially the same as for parallel composition. 
Q.E.D. 


3.4.1 Example 


We take A = {V, F}, and use standard notation for choice connectives and 
quantifiers. Consider the formula 


Va.dy.[A(a,y) A B(y)] || 3z.C(z). 


The corresponding CDS has four cells: 


FRA Gv 


v@ 


FOW 
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In a maximal state of this CDS, these cells are all filled. If the Vz cell is 
filled with a € Z, Jy with b € Z, A with 1, and 3z with c € Z, then the state 
will correspond to the following parallel composition of atomic sentences: 


A(a, b) || C(c). 


In the usual Hintikka-style Game semantics, a model M is used to evaluate 
atomic sentences. We can see that in our setting, this work can equivalently 
be done by a Boolean valuation function 


val : Max([y]}) — {0,1}. 


So for 2-agent games, we could simply use such a valuation to give a notion 
of winning strategy for Verifier, and hence of logical validity. 


More generally, in the multi-agent case we should consider valuations 
vala : Max([y]}) — Va 
for each agent a, into some set of preferences or utilities. Given an outcome 


o = (Fa)aea E Max([y]), 


we can evaluate it from the perspective of each agent a as vala(0), and 
hence formulate notions such as Nash equilibrium and other central game- 
theoretical notions. 


3.4.2 Compositionality? 

Until now our semantics has been fully compositional. However, as things 
stand, valuation functions cannot be described in a compositional fashion. 
The problem becomes clear if we consider our treatment of atomic formu- 
las. Their current representation in our semantics is vacuous — the empty 
CDS. This carries no information which can be used by a valuation function 
to express the dependence of an outcome on the values previously chosen 
for the variables appearing in the atomic formula. We can recover this 
correspondence globally, as in Proposition 3.11, but not compositionally, 
by gluing together a valuation function defined for an atomic formula with 
those arising from the context in which it occurs. 

We shall now give a reformulation of the syntax of L4 which will allow 
us to take full account of the role of variables and variable-binding in our 
semantics, and hence provide the basis for a compositional treatment both 
of valuation functions, and of IF-quantifiers and other partial-information 
constructs. 
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4 Towards environmentally friendly logic 
It is, or should be, an aphorism of semantics that: 
The key to compositionality is parameterization. 


Choosing the parameters aright allows the meaning of expressions to be 
made sensitive to their contexts, and hence defined compositionally. While 
this principle could—in theory—be carried to the point of trivialization, in 
practice the identification of the right form of parameterization does usually 
represent some genuine insight into the structure at hand. 

We shall now describe an approach to making the syntax of quantifier 
particles, including IF-quantifiers, fully compositional. This can then serve 
as a basis for a fully compositional account of valuations on outcomes. 


4.1 Syntax as a category 


Note firstly a certain kind of quasi-duality between quantifiers and atomic 
formulas. Quantifiers Qax project the scope of x inwards over sequen- 
tial compositions (but not across parallel compositions). Atomic formulas 
A(z1,..., £n) depend on variables coming from an outer scope. 

Now consider IF-quantifiers Vz/y which bind z, but also declare that it 
does not depend on an outer quantification over y. This is a peculiar binding 
construct, quite apart from its semantic interpretation. The bidirectional 
reach of the scope—inwards for x, outwards for y—is unusual, and difficult 
to make sense of in isolation from a given context of use. So in fact, it 
seems hard to give a decent compositional syntax for IF-quantifiers, before 
we even start to think about semantics. 

Once again, there is work coming from Theoretical Computer Science 
which is suggestive: namely the z-calculus [MiPagWa192a, MiPagWa192b], 
with its scope restriction and extrusion. The action calculi subsequently 
developed by Milner [Mi93] are even more suggestive, although only certain 
features are relevant here. 

We shall reformulate our view of logical syntax as follows. Each syntactic 
constituent will have an arity and a co-arity. Concretely, we shall take these 
arities and co-arities to be finite sets of variables, although algebraically we 
could just take them to be natural numbers. We shall write a syntactic 
expression as 

y: X —Y 
where X is the arity, and Y is the co-arity. The idea is that the arity specifies 
the variables that y expects to have bound by its outer environment, while 
the co-arity represents variables that it is binding with respect to its inner 
environment. 

The quantifier particle Qax can be described in these terms as 


Qaz : Ø — {1} (1.3) 


34 S. Abramsky 


or more generally as 
Qaz : X — XW {a}. 


An atom A(z1,..., £n) will have the form 
A(T1,...,En): {@1,.-.,%n} — Ø, 


so we indeed see a duality with (1.3). 
We specify “typed” versions of sequential and parallel composition with 
respect to these arities and co-arities: 


g: X —Y 4y:Y—ZzZ g: Xı — Yı wv: X2 — Y 
g- -p: X —Z glib: X Y X2 — Y YY ` 


The constant 1 has the form 
1: X —@ 


for any X. 
We take these syntactic expressions modulo a notion of structural con- 
gruence, as in the m-calculus and action calculi. We impose the axioms 


p: (p- A=(p-p)-9, 1-p=y=g-1 


wherever these expressions make sense with respect to the typing with arities 
and co-arities. 

Thus we are in fact describing a category C(£L,4). The objects are the 
arities—‘“co-arities” are simply arities appearing as the codomains of arrows 
in the category. The arrows are the syntactic expressions modulo structural 
congruence; and the composition in the category is sequential composition. 

To complete the picture: for the choice connectives, we have 


p:X — Ø ~:X —@ 
P Da Y: X — Ø 


and for role interchange 


For the IF-quantifier we have 
Va/y: X W {y} — XW {a} {y}, 


which makes explicit the fact that y occurs free in Yz/y. 

The arrows in C(£,4) will be the well-formed formulas (both open and 
“co-open”) of our logic. In particular, the sentences or closed formulas will 
be the arrows of the form y: Ø — Ø. 


Game Semantics for Multi-Agent Logics 35 


4.2 Static semantics revisited 


We consider the static semantics of a syntactic constituent y: X — Y. The 
A-game [y] defined as in Section 3.1 remains unchanged. In particular, 
atomic formulas are still assigned the empty A-game. The new ingredient 
in the static semantics will reflect the intentions behind the arities and 
coarities, which we now set out in greater detail. The arity X is the set of 
variables being imported (as “free variables”) from the outer environment 
by y. Thus an “open formula” in the usual sense will be an arrow of type 
X — Ø. The novel feature in our approach to logical syntax, following 
Milner’s action calculi, are the co-arities. In y: X — Y, it is useful to write 


Y=(XNY)wW(Y\X). 
Now: 


e XNMY represents those variables imported from the outer environment 
which we simply “pass on through” to be imported in turn by the 
inner environment. (The variables in X \ Y are hidden from the inner 
environment.) 


e Y \ X represents the variables which are being defined by y, and ex- 
ported to the inner environment, where they will bind free occurrences 
of those variables. 


As we have seen, variables bound by quantifiers are interpreted in our se- 
mantics by cells where localized decisions can be made. Hence the act of 
defining a variable amounts to binding it to a cell. Thus the single new 
component in the static semantics of y : X — Y will be a function 


bind jg : Y \X =e, CM 
where M = [y]. We now show how bind is defined compositionally. 


e Atomic formulas, constant 1, choice connectives a. These 
cases are all trivial, since the types are of the form X — Ø, and 
Ø\X=øð. 


e Quantifiers Qax : X — X w {x}. As we saw in Section 3.1, [Qax] 
has a single cell co. We set 


bind Qaz] (x) = Co. 


e Parallel Composition y]||wW : Xı W X2 — Yı W Yo, where ọ : Xı > 
Yi, Y: Xə > Yə. Let M = fel, N = [v]. We define 


bindm (y), yE Yı \ (X1 U X2) 


bind mın (Y) = H y € Yz \ (X1 U Xo). 
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e Sequential Composition y -Y : X — Z, where y: X — Y and 
w:Y — Z. This is the key case. Let M = [y], N = [y]. We can 
write 


Z\X = (Z\(XuUY) (Zn (Y\ xX). 
Hence we can define: 


bindm(z2), zE ZA(Y\X) 


bindm.n (z) = o zEZ\(XUY). 


e Role Interchange 7(y). Let M = [|y]. 


bindż(m) = bind m. 


4.3 Interlude: structural congruence 
We have already introduced a notion of structural congruence = in defining 
the syntactic category C(£,4). We now consider the interpretation of the 
structural congruence using the static semantics, and the issue of axioma- 
tization. 

We say that our semantics validates a structural congruence 


p=w:x —Y 


if [p] = [y], that is if the A-games they denote are isomorphic (in the usual 
sense of isomorphism for relational structures). 


Proposition 4.1. The following axioms for structural congruence are valid 
in the static semantics: 


p: (v8) = (p-%)-8 


1-y = ọ 
gp = gl 
ello = llv) 
1ly = ¢ 
p = yli 
ely = +ly 
PPa = Pay 
Wi (72(~)) = mo 72(y) 
TP Pat) = Fy) Ona) TY) 
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ilp o) = lp): R) 
lel) = APE). 


Remark 4.2. The following are in general not valid in the static semantics 
(which we write colourfully if imprecisely as Æ): 


Gap FY 
Gal É 9 
P Da (Y Pah) F (YBa) Da0 
(Poat): 0 F (P:0) Ba (V: 8) 
P: (Yab) F (~-) Ba ly: 0) 
Pll a0) F (lY) Sa (ello) 
(illd): llh) A 1: plil p2) 


Remark 4.3. If we weaken the notion of validity of y = w to D([y]) S 
D([v]) (order-isomorphism), then the only one of the above non-equiv- 
alences which becomes valid is 


(p Ba Y) 0 = (p0) Ga (Y: A). 


Conjecture 4.4. The axioms listed in Proposition 4.1 are complete for 
validity in the static semantics. 


4.4 Valuations 


We are now in a position to give a compositional definition of valuation 
functions on outcomes. For each agent a € A we shall fix a set Va of 
values (utilities, payoffs, truth-values ...). What structure should Va have? 
In order to express preferences between outcomes, and hence to capture 
the classical game-theoretic solution concepts such as Nash equilibrium, we 
would want Va to carry an order structure. For our present purposes, we 
need only that Va carries two binary operations 


0,8 : V2 — Va 


and an element 1 € Va, such that (Va, ©, 1) is a monoid, and (Va, Q, 1) isa 
commutative monoid.4 


4 A plausible general suggestion is to identify these two algebraic structures, and to 
take Va to be a (commutative) quantale, i.e. a sup-lattice-enriched monoid. These 
structures have been used fairly extensively in Computer Science over the past 15 years 
[AbVi93, BagCogSag 05]. 
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Now let M : X — Y be an A-game, e.g. M = [yl], for y : X > Y in 
C(£,). Then for each a € A, an a-valuation function will have the form 


valma : Z“ x Max(M) — Va. (1.4) 


Note firstly that we are only considering valuations applied to masimal 
states, which is reasonable since by Proposition 3.10, these are the only 
possible outcomes of evaluating strategy profiles. However, in a more gen- 
eral setting where infinite plays are possible, e.g. in the games arising from 
fixpoint extensions of £.4, one should consider continuous valuations defined 
on the whole domain of states D(M). 

The form of valm, a expresses the dependency of the valuation both on 
the values of the variables being imported from the environment, and on 
the final state of play. There are two extremal cases: 


1. If X = Ø, then the valuation simply reduces to a function Max( M) —> 
Va on maximal states. In particular, this will be the case for closed 
formulas. 


2. If Cm = Ø, the valuation reduces to a function TX — Va. This is 
exactly the usual kind of function from assignments to variables to 
(truth)-values induced by an atomic formula evaluated in a first-order 
model M. 


By allowing a range of intermediate cases between these two extremes, we 
can give a compositional account which, starting with given assignments of 
the form (2) for atomic formulas, ends with valuations of the form (1) for 
sentences. 

We now give the compositional definition of the valuation function. We 
use 7 € Z* to range over assignments to variables. 


e Atomic formulas. We take the valuation functions J* —> Va as 
given. Thus atomic formulas are operationally void—no moves, no 
plays—but valuationally primitive—generating the entire valuation 
function of any complex formula. This seems exactly right. 


e Constant 1. We set valjijja(7,2) = 1. 
e Choice connectives Y s Y : X — Ø. Let M = [y], N = [N]. 


valu@gN,a(n, {(co,1)} Ws) = valm,a(n, s) 


valMesN,a(n, {(c0,2)} Hs) = valn,a(n, s). 
e Quantifiers Qgr: X — X w {a}. 


valigga].a(7 {(co, a)}) =1. 
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e Parallel Composition ¢]||~) : X,WX2 > Yi WY, where ọ : Xı > Yı, 
Y : X2 — Yə. Let M = [y], N = [y]. Note that n € TX:"¥2 can be 
written as 7 = (71,72), where m € Z*!, no € T%. 


val ar N, a(n, 8) = valma (n, Tm (8)) 8 valy, ,a(n2, TN (8))- 


e Sequential Composition y -y : X — Z, where y: X — Y and 
p:Y > Z. Let M = [y], N = [y]. 


valm. N,a(n, 8) = valm, a(n, Tm (8)) © valy,a(n’, TN (5)) 


where 7 € ZY is defined as follows: 


na) f0 yeXx 
s(bindar(y)), yEeY\X. 


This is the key case—the only one where the bind function is used. 


e Role Interchange 7(y). Let M = [|y]. 
vale(M),a = YalM n- (a): 


4.5 Dynamic semantics revisited 


Given an A-game M : X — Y, an a-strategy is a family (on)yezx, where 
On € Cla(M) for all 7. The definition of evaluation of strategy profiles is 
simply carried over pointwise to these families, so that we get an outcome 
for each n € Z*. The global definition of the strategy sets Sa(M) can also 
be carried over pointwise in a straightforward fashion. However, the explicit 
dependence on the values assigned to free variables also creates some new 
possibilities, in particular for giving semantics to IF-quantifiers. This is 
best discussed in terms of the local definition of information constraints via 
visibility functions, to which we now turn. 


4.6 Visibility functions, occlusion and IF-quantifiers 
We recall that the visibility function for an A-game M : X — Y has the 
form 

ym : Cm — [D(M) — D(M)] 
and assigns a co-closure operator to each cell, specifying the information 
which is visible in any state to the agent wishing to fill the cell. We now 
augment this with an assignment 


Occyy A CM —? P(X). 


The idea is that Occys(c) C X is the set of variables which are occluded 
at the cell c; hence the decision made at c cannot depend on the values of 
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these variables. This leads to the following refinement of the information 
constraint (1.2) on a family of strategies (0,),. Note firstly that, given 
c € Cy, with X, = X \ Occm (c) and Xa = Occm (c), we can write n € Z* 
as N = (Ne; Nac), Where ne E€ TŽ, N-e E T*?. Now we can write the condition 
on (07)n as follows: 


Yn, n’ € T*,c € Cu, s € D(M).[on(8)(6) = onee (Ym (©)(8))(0)]- (1.5) 


(Here equality of partial functions is intended: either both states are unde- 
fined at c, or both are defined and have the same value.) 

We now give the compositional definition of the occlusion function (non- 
trivial cases only). 


1. Choice connectives. 
D, cC = Co 
Occmgan(c) = 4 Occm(c), ce Cu 
Occu (c), cE Cn. 
2. Quantifiers Qax : X > X w {x}. 
Occg,2(co) = Ø. 


3. Parallel Composition y]||t) : X,WX2 > Yı WYə, where y: Xı > Yj, 
yp: X2 > Yo. Let M = [y], N = [y]. 


Occm(c) U Xe, c€ Cu 
Occy (c) U X4, cE Cn. 


Occagin (c) = [ 


4. Sequential Composition y -Y : X — Z, where y: X — Y and 
p:Y > Z. Let M = [y], N = [y]. 
Occm(c¢), c E€ Cm 


AE P NOcen(c)) U(X \ Y), ce Cn. 


5. Role Interchange. Occ#(,7) = Occm. 


The only case in the definition of the visibility function which needs to 
be revised to take account of the occlusion function is that for sequential 
composition: 


_ Samra) o 
ym-n(c)(5) = o. \S)Uy(e)(rn(s)), cE Cn 


where 


S={(c,v) € Dy | 3y € (Ocen(c) N (Y \ X)). bindm (y) = c’}. 
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IF-quantifiers. It is now asimple matter to extend the semantics to multi- 
agent versions of the IF-quantifiers. We consider a quantifier of the form 
Qat/Y:XWY — XWYwW {x}. Thus agent a is to make the choice for x, 
and must do so independently of what has been chosen for the variables in 
Y. The A-game M = |Qax/Y] is the same as for the standard quantifier 
Qaz, as are the bind and val functions. The difference is simply in the 


occlusion function: 
Occ m (co) =Y, 


This is then propagated by our compositional definitions into larger con- 
texts in which the quantifier can be embedded, and feeds into the partial 
information constraint (1.5) to yield exactly the desired interpretation. 


5 Compositionality Reconsidered 


The issue of compositionality for IF-logic has attracted some attention; see 
[Hi196]. In [Ho,97a], Hodges gives a compositional Tarski-style semantics 
for IF logic. The key idea is to work at the level of sets of sets of assignments, 
rather than the sets of assignments used in the standard Tarskian semantics. 
It is not immediately clear how this relates to our compositional account. 

In fact, this highlights an underlying issue which has perhaps thus far 
escaped the attention it deserves. One can distinguish two views on how 
Logic relates to Structure: 


1. The Descriptive View. Logic is used to talk about structure. This 
is the view taken in Model Theory, and in most of the uses of Logic 
(Temporal logics, MSO etc.) in Verification in Computer Science. It 
is by far the more prevalent and widely-understood view. 


2. The Intrinsic View. Logic is taken to embody structure. This is, 
implicitly or explicitly, the view taken in the Curry-Howard isomor- 
phism, and more generally in Structural Proof Theory, and in (much 
of) Categorical Logic. In the Curry-Howard isomorphism, one is not 
using logic to talk about functional programming; rather, logic (in this 
aspect) is functional programming. 


The present paper is largely informed by the second point of view, although 
we have also provided a basis for the first, in formulating a general com- 
positional account of valuations, in terms of which validity and equilibrium 
notions can be formulated. Our purpose, as already remarked in the In- 
troduction, is not to develop a modal logic (or similar) for talking about 
multi-agent games, but rather a logic whose semantics intrinsically has a 
structure of multi-agent games. This is in the same spirit as more familiar 


5 The discussion in this section was prompted by some insightful remarks and questions 
by one of the referees. 
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kinds of game semantics. Similarly, our account of IF constructs does not 
take the form of a logic which talks about agents with limited knowledge 
— hence some kind of epistemic logic — but rather a semantics which is 
intrinsically comprised of agents playing strategies subject to partial infor- 
mation constraints. These constraints were formalized in two distinct ways, 
the local and the global, in Section 3, and these two forms shown to be 
equivalent. 

The compositionality in our account occurs at several levels, correspond- 
ing to the levels of a Curry-Howard style interpretation of a logic (although 
we have not formulated a proof system on the syntactic side here): 


e Formulas are interpreted by games: this is the “static” part of our 
semantics, which is done compositionally. 


e Proofs, or witnesses or realizers for the truth, or more generally the 
outcomes of formulas, are embodied as strategies for the various play- 
ers. These strategies are defined compositionally in one of two ways: 
the global way, where the set of strategies for a given agent for each for- 
mula is defined in terms of the sets of strategies for the sub-formulas — 
this is analogous to realizability definitions; and the local way, where 
we take all strategies which satisfy the information constraints for the 
given agent — it is now these information constraints which must be 
defined compositionally. 


e The dynamic aspect of this level of the semantics is given by formal- 
izing the notion of playing the strategies in a profile off against each 
other to achieve an overall outcome. This definition, while made in 
a mathematically elegant denotational style, directly captures the op- 
erational content of the idea of agent interaction. It corresponds to 
the proof-theoretic dynamics of Cut-elimination, or to the realizability 
dynamics of applying a recursive function. 


e Finally, the valuations of the outcomes, from the point of view of each 
agent, are defined compositionally. This requires a proper treatment 
of the binding of variables to cells, and hence the developments of 
Section 4. 


6 Further Directions 


There are numerous further directions which it seems interesting to pursue. 
We mention a few: 


e Some extensions are quite straightforward. In particular, an extension 
of La with fixpoints 


pP(x1,...,Ln). p(P) 
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can be considered. The standard theory of solutions of domain equa- 
tions over CDS [KaoPl:193] can be used to extend the static semantics 
to such fixpoint formulas. Moreover, our semantic constructions work 
for arbitrary CDS with infinite states. The only point which needs 
to be reconsidered in this setting is how the valuation functions are 
defined. The best idea seems to be to define valuations on all states, 
not only maximal ones. The value space should itself include partial 
values and form a domain, and the valuation function should be con- 
tinuous. For example, we could take Va to be the interval domain 
I[0, 1] on the unit interval. 


An extension to full second-order logic, although technically more de- 
manding, is also possible [AbJa105]. 


e What is the full spectrum of possible connectives which can be used 
to explore the resources of our semantics? The logic £4 we have 
introduced is quite natural, but this question remains wide open. Here 
is one precise version: 


Question 6.1. Which set of connectives and quantifiers is descrip- 
tively complete, in the sense that every finite CDS is the denotation 
of a formula built from these quantifiers and connectives? 


Another dimension concerns the information-flow structures and con- 
straints expressible in the logic. The multiplicative connectives for 
sequential and parallel composition which we have studied are very 
basic. The parallel composition corresponds to the Linear Logic ®. 
The Linear Logic * does allow for information flow between the par- 
allel components; and there are surely a whole range of possibilities 
here. 


Problem 6.2. Classify the possibilities for multiplicative connectives 
and information-flow constraints in the semantic space of concurrent 
games and strategies. 


As one illustration, consider a connective M < N which combines 
features of sequential and parallel composition. The A-game is defined 
as for M||.N, while the visibility function yman is defined as for M-N. 
Play can proceed concurrently in both sub-games; there is information 
flow from M to N, but not vice versa. 


e We have only considered deterministic strategies in this paper. Mixed, 
non-deterministic, probabilistic, and perhaps even quantum strategies 
should also be considered. 
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e The whole question of proof theory for the logic L4 has been left open. 


In a sense, we have given a semantics of proofs without having given 
a syntax! How multi-agent proof theory should look is conceptually 
both challenging and intriguing. 


Viewed from a model-theoretic perspective, IF-logic seems dauntingly 
complex. Our more intensional and operational view may offer some 
useful alternative possibilities. Just as the shift from validity to model- 
checking often replaces an intractable problem by an efficiently solv- 
able one, so the shift from model-theoretic validity or definability of 
IF-formulas to constructing, reasoning about and running strategies 
for concurrent games described by proofs of formulas seems a promis- 
ing approach to making this rich paradigm computationally accessible. 


We may also seek to put our compositional analysis to use in ana- 
lyzing game-theoretical equilibrium notions in a multi-agent, partial 
information setting. It may be that the tools we provide would facili- 
tate an analysis by decomposition into subgames in a wider range of 
settings than classical game-theoretic methods allow. 


The logic and semantics we have developed appears to flow from very 
natural intuitions. These should be supported by a range of convincing 
examples and applications. 
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Abstract 


We study a system of modal logic for representing and reasoning in 
multi-agent systems. Building on dynamic action logic and Henkin 
quantifiers, we introduce a class of operators that present important 
features for capturing concurrency, independence, collaboration, and 
co-ordination between agents. The main goal of the paper is to intro- 
duce the formal semantics of these operators and to show how they 
can model different types of agents. This yields a way to directly com- 
pare a variety of phenomena in multi-agent systems. Some examples 
are given. 


1 Introduction 


For about 20 years we have witnessed an increasing interest in the formal 
study of phenomena comprising several entities which present independent 
and autonomous behavior like software agents, human beings, biological 
entities, social organizations, robots and stock markets [We,99]. 

In this research area, the issue of (true) concurrency has special interest 
since it puts at the center phenomena where several entities act simultane- 
ously perhaps affecting each other. This issue is coupled with the need to 
formalize group collaboration as well as group dynamics. Another challenge 
is the formalization of the independence of an agent from the others and 
from the groups of which it is a member. Modelling the choices an agent 
makes or can make depending on its “internal” status, its beliefs about 
the external world, its knowledge about (and relationship with) other enti- 
ties/agents is at the center of many representation problems. 

The usual logical machinery often requires the coexistence of logical op- 
erators (dynamic, temporal, epistemic, and deontic) in one and the same 


* The author has been supported by the projects TOCAI.IT (MIUR), MOSTRO and 
LIFOA (Provincia Autonoma di Trento). 


Johan van Benthem, Dov Gabbay, Benedikt Löwe (eds.). Interactive Logic. Proceedings of 
the 7th Augustus de Morgan Workshop, London. Texts in Logic and Games 1, Amsterdam 
University Press 2007, pp. 49-69. 
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language [vHVe202, vHWo303]. This strategy is not satisfactory because 
of the complexity of the logical systems thus obtained [Beo +02, vHWo303]. 
Furthermore, these logics are hard to compare to the point that the unifor- 
mity of the very phenomena at stake is lost in the different formalizations. 
An example is given by logics like ATL [AlgHe2Ku,02], CL, ECL [Pa702], 
ATEL [vHWo302], and STIT logic [Hog01, Br2He3Tr05] which deal with 
roughly the same type of scenario [Go2Ja204, W604]. 

Our work focuses on the formalization of multi-agent systems with par- 
ticular emphasis on concurrency, independence, collaboration, and coordi- 
nation issues. Our ideal scenario comprises a fixed set of agents that indi- 
vidually or in group, isolately or co-ordinated, take actions simultaneously 
and in this way determine the transitions between states of the system. The 
main goal of the paper is to show that the language we have developed has 
several natural interpretations which allow us to capture different types of 
agents while maintaining the very same syntax. The novelty is given by a 
new type of operators that combines modality with quantification. For this 
reason, these operators are called quantificational modal operators. 

In this approach, we take a general perspective and do not limit our 
work to a specific notion of agent (and so we are not going to give one). 
Note that, for presentation purposes, we often describe the agents as having 
some degree of rationality. This is not necessary but it helps in convey- 
ing the meaning of the operators. Also, in this paper we do not discuss 
proof-theoretical properties of the resulting logics. These interpretations 
correspond to quite different axiomatic systems and here we lack the space 
for their analysis. The interested reader can find in [Bo,05b] an axiomatic 
presentation of one of these systems. Finally, note that in this study we 
shall always stick to two-valued semantics. 

Structure of the paper. Section 2 first introduces the propositional frag- 
ment of the logic by defining the constant modal operators and, secondly, 
extends them with free variables. In Section 3, we present the full language 
by introducing the quantificational modal operators and then study alter- 
native interpretations for one-column operators. In Section 4 we briefly 
discuss the extension of these semantics to multi-column operators. The 
following section looks at a couple of examples. Finally, Section 6 relates 
our work to other logical approaches and adds some final remark. 


2 Basic modalities for MAS 


The modalities we want to study can be seen as an extension of Dynamic 
Action Logic, that is, the application of Dynamic Logic (DL) [Hai KogTi,00] 
to model actions. Similarly to DL, our basic operators, called constant 
modal operators, are modalities indexed by constant identifiers (denoting 
actions). However, these operators differ from those of DL in two aspects: 
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syntactically they require several constant identifiers to individuate even the 
simplest modalities, and semantically they are not associated to a unique 
interpretation. 

In a system of two agents, say 4, and 42, our modal operators have 
the shape of a 2 x n matrix (n > 0) where the first row lists the (constants 
denoting the) actions performed by agent A, in the order of their execution, 
and the second row lists the actions performed by agent 42. For instance 
the expression [¢} ¢3] is a modality corresponding to the state transition 
identified by the concurrent execution of action cı (by agent A1) and c2 
(by agent 42) followed by the concurrent execution of action c3 (by agent 
A) and c4 (by agent 42). Each entry of the matrix denotes an action and 
the combination of these actions characterises the meaning of the modal 
operator by identifying, in the usual Kripke style semantics, the accessibility 
relation associated with that operator. 

More generally, an operator in the shape of a k x n matrix is a modality 
for a system with k agents. It is always assumed that the number of rows in 
the operators matches the number of agents in the system (as a consequence 
all the operators in a language have the same number of rows). Also, each 
agent is associated to the same row in all operators. 


We now state this formally: 

Let PropId be a non-empty countable set, the set of proposition identi- 
fiers. Let ActId (disjoint from PropId) be a non-empty countable set whose 
elements are called action identifiers. These are the individual constants 
of the language. Following standard modal logic, complex formulas are 
generated inductively from proposition identifiers through the connectives 
of implication (—) and negation (=), and the modal operators described 
below. As usual, we shall make use of the standard conventions for A, V, e. 

Fix an integer k > 1 which, informally, is the number of agents in the 
system. A constant modality marker! for k is a k x n-matrix (n > 1) 


Q11 Q12 ` Gin 
Q21 Q22 ` G2n 
Akl k2 ` Akn 


where aij € ActId (aij, amn not necessarily distinct). 
A constant modal operator for k is an expression [M] where M is a 
constant modality marker for k. 


The set of k-formulas (formulas for short) is the smallest set Fp satisfying: 
I) Propld C Fy (the elements of Propld are called atomic formulas), 
II) If y and w are in Fy, then so are 7y and y > 4, 


1 Elsewhere we have been calling these constant modality identifiers. 
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III) If [M] is a constant modal operator for k and y is in Fy, then [M]y is 
in Fy also. 


The semantics is as follows: 

Fix a set Act of actions, we call k-action an expression in the shape 
of a k x n matrix (n > 1) over Act. A k-agent Kripke frame is a triple 
K = (W, Act; R) where W is a non-empty set (the set of states), Act is a 
non-empty set (the set of actions), and R is a function mapping k-actions 

a 
(over Act) of size k x 1 to binary relations on W, R| : | CW x W. 
Qk 

A k-agent Kripke structure is a tuple M = (W, Act; R,[-]) where 
(W, Act; R} is a k-agent Kripke frame and [-] is a function (the valuation 
function) such that |p] © W for p € Propld and [a] € Act for a € ActId. 


Let us write .4 for the first agent, ..., Ap for the kth agent. If agent A 
performs the action denoted by a1, agent A> the action denoted by agz,..., 


a1 


a2 
agent A, the action denoted by az, we write | . | for the modal operator 


ak 
describing the evolution of the system which is determined by the concurrent 
execution of actions [ai],..., [ax] by agents 4,...,A,, respectively. That 
a. [ai] 
‘ ; ‘ a|. ; [a2] 
is, the interpretation of | . | is k-action . . 
ak [ex] 
Function [-] is extended inductively to multi-column operators in the 
language as follows: if [A] is a multi-column operator obtained by juxtapo- 
sition of constant modality markers B and C (i.e. [A] = [BC]), then we put 


R({A]) = R([B]) o R([C]). More formally, 


a11 lai] a11 412 *** Gin a11 a12 Qin 

a21 [a2] Q21 Q22 ` G2n a21 a22 a2n 
=def . ) . . . =def 

ak1 [ex] Akl k2 ` Akn ak1 ak2 akn 


Note that we write [M] instead of [[M]]. 


The truth value of a formula is defined inductively: 


1. Let p € Propld, then M, s = p if s € [p] 


2. M,s = ~o if M, s E p 
3. M,s = y > y if M,s E p or M,s = 4 
4. M,s H [Aly if M, t H ¢ for all t € W such that (s, t) € R([A]) 
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A k-agent Kripke model for a set of formulas © in the language is a 
k-agent Kripke structure M such that all formulas y € X hold in all states 
of M (i.e., are valid in M). 

As anticipated, the language here presented modifies the basic fragment 
of DL. However, the major novelty, we believe, lies in the change of per- 
spective it pushes for: we need k action identifiers (or multiples of k) to 
describe the evolution of the whole system since only the combination of all 
concurrent actions can provide this information. Also, this formalism pro- 
vides a more acceptable notion of action since the outcome of the execution 
of a € Act by an agent is not determined by a alone. 

Now we extend the constant operators by allowing the occurrence of 
free variables. This extension is a first step to introduce quantificational 
operators, a move we shall motivate in next section. 

Fix a new set Var = {x,y,z,...} of variables. Let S be an environment 
function from the set Var to the set Act and let a modality marker be any 
kxn matrix defined as before but this time with condition a;,; E€ ActIdU Var 
(for all relevant indices i, j). The extension of the set of k-formulas Fẹ to 
include these modalities is trivial. Their interpretation requires the new 
function Š, that is, now relation |= is defined over the triple M,s,&%. For 
instance, clause 4. becomes: M, s, S H [M]y if M,t,3 = ọ for all t € W 
such that (s,t) € R([M]) where [xz] = S(x) when x € Var. The remaining 
clauses are analogous to 1-3 above. 


3 Quantificational modal operators 


Our next goal is the introduction of quantificational modalities in the logic 
of Section 2. The basic idea is to enrich modality markers with a form of 
generalized quantifiers introduced by Henkin in [He:161]. 

Henkin quantifiers are matrices of standard quantifier prefixes? such as 


Vay Azs Arg 
es Vy2 a2 ) . (1.1) 


Syntactically these are unary operators, that is, if (H) is a Henkin quan- 
tifier and y is a formula, then (H)y is a formula as well. There is no re- 
striction on the number or position of the quantifiers V and 3 in the matrix 
but no variable may occur more than once. 

It is well known that Henkin quantifiers are more expressive than stan- 
dard quantifiers [Kr2Mo,495] and we take advantage of their strength to 
ensure row independence in the modalities (which, in turn, models the 
independence of the agents from each other). Consider a modality with 


2 We follow common practice and use the term ‘Henkin quantifiers’ although these are, 
properly said, Henkin prefixes. Also, note that the matrix form can be relaxed as we 
do in formula (1.3) below. 
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constants and free variables (as described at the end of Section 2), say 
Tı a T3 
F y2 1, | Po: (1.2) 


The occurrence of a free variable in entry A(i,7) of the matrix suggests 
that the jth action that agent 4; is going to perform has not been fixed. One 
can leave it undetermined meaning that this action depends on the model’s 
environment function. Alternatively, one may want the agent herself to 
decide which action to perform. In the latter situation, we want to model 
whether the agent decides in favor or against the realization of po since po 
is implicitly ‘proposed as a goal’ by that modal formula. For this reason, 
we combine modal operators and (a version of) Henkin quantifiers as in the 
following expression 


‘ee Vy2 =e: ) eee: (1.3) 
where, of course, each agent is associated to the same row in both the Henkin 
quantifier and the modality. In this expression, a free variable £p in position 
(i, j) indicates that the agent .4; at step 7 performs the action S(x), i.e., 
the action determined by the model’s environment function. A constant c in 
position (i, j) indicates that the agent 4; at step j performs the action [c]. 
Finally, a quantified variable x; in position (i,j) indicates that the agent 
A, chooses what to perform at step j and the specific quantifier marks the 
attitude of that agent (at this time-step) toward formula po. More precisely, 
if Jx, occurs, at time-step j agent 4; chooses an action with the intention 
of making po true. Instead, if Vz, occurs, the same agent chooses an action 
randomly.? 

Here we propose a restriction of this language that consists in merging 
Henkin quantifiers and modality markers into a unique operator, called 
quantificational modal operator. Thus, instead of formula (1.3) we write 


3 
| Vya an | Po- (1.4) 
Following the above discussion, we shall say that po is a goal for agent 4; 
at time j if an existentially quantified variable occurs at position (i,j) of 
the modality, and that po is not a goal (at that time for that agent) if an 
universally quantified variable occurs instead. 


Definition 3.1. A quantificational modality marker is a k x n matrix with 
each entry containing an action identifier, a variable, or a quantified variable 


3 Informally, she chooses according to her goals. The occurrence of ‘Y’ tells us that po is 
not a goal for this agent when choosing at this position in the matrix. Thus, from the 
local perspective given by the formula one can think that the agent chooses randomly 
at time-step j. A view that further justifies our adoption of the symbols V and J. 


Quantificational Modal Operators 55 


provided a variable occurs at most once in a marker. A quantificational 
(modal) operator is an expression [M] where M is a quantificational modality 
marker. 

We write QOP for the set of quantificational modal operators, OP for 
the quantificational operators where no variable occurs quantified. 


The set Fẹ of k-formulas is defined as in Section 2 but in clause III) 
we now use the larger class of quantificational operators. The scope of 
the modal operator is the formula to which it applies. The scope of a 
quantifier in a modal operator is the scope of the modal operator itself. 
Note that we inherit from the Henkin quantifiers the general proviso on 
variable occurrence in quantificational modality markers (and equivalently 
in quantificational modal operators). 

It remains to discuss the semantics of this language. Below, we inves- 
tigate alternative interpretations for the quantificational operators starting 
with one column modalities. We anticipate, at the informal level, that the 
interpretation in a structure M = (W, Act; R, [-]) of a quantificational op- 


ži a Ax 


Se Wala l; takes two steps. In the first step one interprets 


erator, say | 


formula (ay, vi = ) yp with y = E i a po. The second step amounts 


to the evaluation of the formula | yt y2 A po obtained by using the values 


chosen at the first step for the interpretation of the bound variables. The 
precise formulation in different cases (all restricted to one-column operators) 
is given below. Note also that we restrict our examples to two-agent sys- 
tems. However, the argument is easily generalized to an arbitrary number 
of agents. 


3.1 Risk-averse co-ordinated agents 


We begin with an interpretation that follows from the classical meaning 
of the quantifiers J and Y. This view relies on what actions exist without 
considering agents’ strategies or capacities. 

Fix a structure M for two agents, say 4, and A, and let [b] = 8. First, 


we look at Es po. This formula holds at a state s if and only if there exists 


an action a such that po is true at all states t with (s,t) € R (3): Such a 
formula is read: “there exists an action a such that after agent 4, executes 
a and (concurrently) agent 4) executes 3, po holds”. Similarly, formula 


hal po corresponds to: “for any action a, after agent 4, executes it and 


4 It follows from the previous discussion that a quantified variable in the modal operator 
stands for a quantifier prefix (bounding the occurrences of the variable in the scope of 
the modality) and for a bound occurrence of that very variable (whose value is needed 
in this position to interpret the modal operator itself). 
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(concurrently) agent A executes 3, po holds” since it is true at a state s if 
and only if for all actions a, po is true at all states t with (s,t) € R (F 
If we assume that the agents form a coalition or, more generally, are 
coordinated whenever they both have po as goal, we have that [z] po is 
true if there exist actions a and 8 (not necessarily distinct) such that po 
y 
is now obvious: it is true if po is true in any state reachable from s via any 


transition. 
An important issue arises when considering operators where both quan- 


holds in all states reachable through (5) . The meaning of formula be Po 


tifiers occur as, for instance, in formula Ea po. To establish the truth 
value of this formula at a given state we have two options. One can verify 
that a value 8 for y exists such that po is true in all states reachable through 


( : ) for any a. An alternative is to state the formula true if for every action 


a, there exists 8 such that po is true in all states t with (s,t)E R (3): 


By embracing the first interpretation, one extends the semantics of Sec- 
tion 2 with the following clause for quantificational one-column operators 
(for multi-column operators further issues must be addressed, see Section 4): 


51. Let [X] be a quantificational operator with existentially 
quantified variables 2,,...,2, and universally quantified 
variables yi,...,ys (r,s > 0). Then M,s,3 = [X]y if: 
there exist a1,...,a@, € Act such that for all 61,..., 8s € 
Act, if T is the k-action obtained by substituting a; for 3x4, 
B; for Vy;, and [ca] for each action identifier or free variable 
Cn in [X] (for all relevant indices 7, j, h), then for all (s,t) € 
R(T), M,t,3* = p where S*(a;) = ai, S*(y;) = 8j, and 
S* (z) = S(z). 


This semantic clause puts strong constrains on the (one-column) modal 
operators to the point that it suffices to enrich the basic language of Sec- 
tion 2 with the quantifiers of standard first-order logic to eliminate the need 
of quantificational modalities. Indeed, clause 5; corresponds to the inter- 
pretation obtained by replacing quantified variables in the operator with a 
sequence of standard quantifiers as shown, in a two-agent system, by the 
following function 71: 


p => p (for p atomic) (1 
=p +> (p) (21) 
gob = nle) > nl) (31) 
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ore A 
Va 


y p poy dyVax 


da Ti 


We dub the agents satisfying clause 5; the risk-averse co-ordinated 
agents: “risk-averse” because they choose independently of others’ deci- 
sions as 7, makes clear in (51) and (61). They are “co-ordinated” because, 
whenever they have a common goal, if possible they execute actions that 
combined allow them to reach that goal: case (71). Indeed, if agents 4, and 
A aim at making a formula true, then they behave like a coalition. 


Note that the following formula-schema holds for clause 51: 


va | Po > | 3x | Po- 


3.2 Isolated agents 


da 
b 


saying that at a state s agent 4, can choose an action a such that po is true 
at t for all (s,t) € R (3): That is, this time formula E Po corresponds 


Let us go back to formula | ] po. We now want to interpret this formula as 


to reading “agent 4, can choose an action such that after agent 4, executes 


it and (concurrently) agent Æ executes 3, po holds”. 
Va 
b 


matter the action that agent 4, can choose, after agent A executes it and 
(concurrently) agent 4) executes 8, po holds”. Since we do not put re- 
strictions on the actions an agent can choose or execute, all the actions are 
possible and must be considered to evaluate the truth value of this formula, 
i.e., we end up with the following reading: “after agent A executes some 
action and (concurrently) agent A, executes 3, po holds”. 


a 


Regarding formula | | po, informally here we read it as follows: “no 


The meaning of kA po is quite natural at this point: “no matter which 


action agent A, executes and (concurrently) which action agent Ay executes, 
po holds in the reached states”. That is, with the above assumptions, the 
notion of ‘choice’ does not affect the meaning of ‘V’. For operators where 


both quantifiers occur, consider first ee po. Here if the agents choose 
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independently (not knowing each other’s doing), for the formula to be true 
the second agent has to find an action @ such that for all actions a and all 


(s,t)ER (a) po holds at t. Analogously, for Al po. 


Finally, formula fa po is true if the agents can choose actions, say a 
and 8 (possibly the same), such that po is true at any state t such that 
(s,t)ER (3): i.e. “for all choices œ made by 4 and all choices 3 made by 


Ay, after A, has executed a and Ag has (concurrently) executed 8, po holds”. 
From our reading, we know that .4; and Az have po as (common) goal and, 
similarly to Section 3.1, we may further establish that they co-operate (or 
not). However, now we are not in a position to provide a formal definition 
yet. It remains to be explained what it means that the very agents ‘can 
choose’. 


For the time being, let us assume that 


1) all elements in the quantificational modal operators (in particular, all 
action identifiers) are known to all agents 


2) all agents choose independently and without communicating (in partic- 
ular, they do not co-operate nor co-ordinate) 


The goal is to extend the semantics of Section 2 to formulas with quantifi- 
cational operators in such a way that these assumptions are captured. 

First, we fix a new function €, called choice function. The intent is that € 
codifies the behavior of the agents by providing the choices the agents make. 
Function € takes as arguments: (1) the modal operator, (2) its scope formula 
and (3) the variable x, which implicitly gives the agent’s index i. Also, 
since the choices of the agents may depend on their knowledge about the 
state of the system and other agents’ actions, we furnish € with two further 
arguments: (4) the actual state w and (5) subsets of {1,...,&} x Var x Act. 
The reason for this last argument will be discussed in Section 3.3. On 
input ([M], p, x,w, K), with K C {1,...,k} x Var x Act, € returns pairs 
(x,a) € Var x Act.© Thus, given a variable x in row i of a formula y, € 
provides the agent A;’s choice(s) for this variable taking into account other 
information like the actual state. (Since argument (5) is not relevant in this 
section, for the time being we take K = Ø.) 


5 More generally (as will be seen later), € takes sets of variables as third argument thus 
we should write {x}. 

6 For each a occurring in the third argument, € returns one or more pairs (x, a) with 
a € Act. Admittedly, one may want to generalize the choice function even further to 
capture some special case. However, the one we have introduced here suffices for a 
large class of multi-agent systems. 
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52. Let [X] be a quantificational operator with existentially 
quantified variables 71,...,2, and with universally quan- 
tified variables y1,...,ys (r,s > 0). Then, M,s,3 = [X]y 
if: for all ay,...,a, € Act such that a; E€ €([X], p, £i, s, Ø) 
and for all 61,..., 8s € Act, if T is the k-action obtained 
by substituting a; for 3x;, 6; for Vy;, and [cp] for each 
action identifier or free variable c, in [X] (for all relevant 
indices i,j,h), then for all (s,t) € R(T), M,t,3* H » 
where S*(x;) = a;i, S*(y;) = Bj, and S* (cn) = S (cr). 


Let @ = ay,...,a, and @& = a}, ..., Q} be two r-tuples in Act. A fusion 
I 


of & and a’ is a r-tuple &” = a{f,...,a/’, where a} € {aj, ai}. 
Proposition 3.2. If both @ and a’ satisfy the condition in clause 52, then 
any fusion of @, a’ satisfies it as well. 


Informally, this property shows that the agents described by clause 52 can- 
not communicate and, consequently, we say that the agents described by 
this clause are isolated. 

Unlike in the previous section, in the semantics given by 52 formulas 


po> | : | po; |: | po—> ||| Da (1.5) 


are not valid since the choice function € may be sensitive to the occurrences 
of quantifiers in [X]. This result is motivated by the following scenarios. 

Two people, Rı and R2, are celebrating some achievement. Rı brought 
a cake for the occasion. We write po for “the cake is sliced.” 

In the first scenario, Ro does not care about cutting the cake and this 
is known to ®. A formula that correctly models this situation contains 
a quantificational operator with an existential quantifier in the first row 
(the row associated to R1). The different attitude of ® is described by the 
occurrence of an universal quantifier in the second row. The formula is: 


lea po. Things change if Rə also wants the cake to be cut. This second 


scenario is described by the formula Ed po. 


We now use these scenarios to prove that formula Ea Po > [z] Po 


fails. In the antecedent Ea Po, Rı has the goal of getting the cake cut. 


Since the other agent does not have such a goal, ®; chooses to execute 
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FIGURE 1. The ‘cake slicing’ frame (The actual state is double circled.) 


the action ‘cut the cake’ which ensures the satisfaction of po in the next 
state. In the consequent, Rı and Rə have the same goal and this is common 
knowledge because of point 1) of page 58. Since they both have the same 
goal, ® chooses not to cut the cake to let Rə do the honors. For the same 
reason, Ro decides not to cut the cake. Since nobody performs the action of 
cutting the cake (recall this is a single time-step with concurrent actions) 
the consequent formula turns out to be false. (Clearly, one can reformulate 
the example using an action like ‘write in memory slot #321’ which fails 
whenever two agents try to perform it at the same time.) 


Let us see how function € looks for these agents. 

The attitude of both agents can be described by the informal rule “cut 
the cake unless somebody else is willing to do it”. In a structure as depicted 
in Figure 1 where po is false at s and true at s’, and the possible actions 
are c,€ (c stands for “cut the cake” and £e for “do nothing”), function € is 
given by 


da 
© €(| vy] P02, 8,2) ={(2,0)} 
(agent Rı, who has to decide the value of x, chooses c since agent Rə 


is not committed to get the cake cut as recognizable by the universal 
quantifier in the second row); 


3 
s e(z] „poy; s, Ø) 7 {(y, ©), (y,€)} 
(agent Ro may perform any action since po is not her goal); 


s e([3] > Po, T, s,2) == {(x,£)} 
(agent Rı decides not to cut the cake: Rə is going to ensure it since it 
is her goal as recognizable by the existential quantifier in the second 
row); 


J 
e ¢((3, | „poy; s, Ø) = {(y, €)} 
(agent Ry decides not to cut the cake: Rı is going to ensure it since 
it is her goal as recognizable by the existential quantifier in the first 
row). 
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Function € provides a new parameter in the interpretation of the quan- 
tificational operators. Clause 52 is thus a schema that matches a variety of 
k-agent systems depending on the parameter € and relationship = should 
have € as index. Note that, due to the complexity of behaviors that function 
€ may encode, it is not possible to discharge quantificational operators in 
this semantics. The analogous of function 7, of Section 3.1 that is faithful 
for 52 may not exist. 

Clause 52 is more general than 5,. In particular, € can formally capture 
cooperation. The collaboration among the agents is obtained by taking the 
whole set of variables of the collaborating agents as third argument for €. 
That is, € provides the variable instantiations for all the agents at once by 
outputting a set {(£1,@&1),---, (£r, @r)}. We do not discuss the import of 
assumptions 1) and 2) further. Instead, below an alternative semantics is 
given since it sheds light on another issue. 


3.3 Optimistic co-ordinated agents 


In the discussion of Section 3.1, we mentioned two interpretations for the 
operators where both universal and existential quantifiers occur. One leads 
to clause 51. The other interpretation is rendered by a different function, 
here called 73, whose definition follows from that of 7, provided cases (51) 
and (61) are substituted by 


[eje > wafi] no (6s) 
jg EAA vz3y [5] 73(9): (63) 


respectively. 


Here is the semantic clause that matches function 73: 


53. Let [X] be a quantificational operator with existentially 
quantified variables 71,...,2, and universally quantified 
variables y1,..., Ys (r,s > 0). Then 
M,s,S H [X]y if: for all 61,...,8, € Act, there exist 
Q1,...,@, E Act such that if I is the k-action obtained 
by substituting a; for 3x;, 6; for Vy;, and [cp] for each 
action identifier or free variable c, in [X] (for all relevant 
indices i,j,h), then for all (s,t) € R(T), M,t,3* H ẹ 
where S*(#;) = aj, S*(y;) = Bj, and S*(z) = S(z). 


This clause captures the simple possibility for a given formula to be true. 
For instance, consider the paper/scissor/stone game. If po stands for “Ay 


wins”, then formula ea po is valid according to this latter semantics and 
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tells us that one has always a chance to win a play of this game. However, 
the same formula is false for 5, since that clause requires the existence of a 
winning strategy for each possible play. 

As before, one can restate clause 53 using function € explicitly. In 
this case the fifth argument of € is crucial. This argument provides ex- 
tra knowledge that the agents have while making their choices. In clause 
53, the agents choosing for the existentially quantified variables are aware 
of the choices made for the universally quantified variables even though 
they are done concurrently. This information is provided by set K = 
U, {(R, y1, 81), (h, Y2, B2), ---, (h, ys, 8s) } where h ranges over the indeces 
of the agents associated to a universally quantified variable (such a gener- 
ality allows us to directly extend the function to multi-column operators). 
Co-ordination is ensured by providing the whole set of variables x1,..., £r 
as third argument as we have seen in the reconstruction of 5; within clause 
52. 

We dub the agents satisfying 53 the optimistic co-ordinated agents. 


We conclude this section with an observation. The difference between 
clause 5; and 53 corresponds to the difference between a-ability (effective- 
ness) and (-ability applied to coalitions (cf. [vVHW0o0305] and the references 
therein). It is fairly easy to rewrite schema 52 and the conditions on pa- 
rameter € to capture (-ability. 


4 Knowing the past, reasoning about the future 


Consider a constant two-column’ operator E e |, call it [C]. From the 
definition of the valuation function and clause 4 of Section 2, multi-column 
constant operators split into simpler operators without loss of information. 
The following formula is valid 


laa]e=[a] [ale 
This equivalence does not hold for quantificational operators though, i.e. 


in general 
[Mi Maly # [Mı] |M2]Y (Mı, M2 E QOP). (1.6) 


One reason is that the order of instantiation of quantified variables may 


change in the two formulas. For instance, evaluating formula ea yea yp 


with clause 5, we instantiate first variables x1, y2 and only later x2 and yj. 
The instantiation order for the same clause becomes 2}, yi, Y2, £2 when we 


T We give examples using two-column operators. The generalization to n-column oper- 
ators is often straightforward although some care is needed. 
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consider formula EA tA y. This is not so for other semantic alterna- 


tives and one is free to adopt or reject a constraint like (1.6) by selecting 
an appropriate semantics. 

It should be clear by now that to establish the truth value of a formula 
where the constant operator [C] occurs, it is necessary to consider all the 
action identifiers (and their positions) occurring in [C]. For instance, know- 
ing that c1, c3 are the actions executed by agent 4 (in that order) does not 
suffice to know which states are reachable. 


cy dx 


Informally, the formula E a ] po means: “first, agent A, executes c1 


and (concurrently) agent A executes c2, then agent .4; chooses and executes 
an action and (concurrently) agent 4, executes c4”. In the light of the 
previous section, one can interpret the existential quantifier in different 
ways. The set of choices for x will depend on what agent .4; knows about 


the formula itself and in particular about operator E a For if she is 


aware of the presence of c1,C2,c4 and of their positions, she can use the 
semantic clauses to verify if there is an action that executed after c1, forces 
the system to states satisfying po. Agent 4, might rely on default rules (or 
preferences) when she lacks some information about the components of the 
operator. 

To establish the truth value of the formula, it is important to state what 
agent .4, knows (or does not know) about the operator. Several options are 
possible. For instance, assuming perfect recall, one can assume that agent 
A, is aware that cı is in position (1,1) of the modality marker since she 
has just executed that action. If 4, and Æ are totally isolated agents, then 
one can assume that agent .4, has no information about what A> has done 
earlier, that is, she has no knowledge on the content of position (2,1) of the 
operator. Analogously for 4. If 4; and A are isolated but can observe each 
other’s doings, at entry (1,2) agent 4, knows that c2 is in position (2,1). 
For the simple reason that 4, and Az act concurrently, agent 4, does know 
what A is going to execute as second action only if they are co-ordinating 
or action c4 is public knowledge.® We conclude pointing out that also the 
quantifiers occurring in the operator may be hidden. After all, an agent 
may be aware or unaware of the changes of attitude in the other agents at 
different times including, perhaps, her own (past or future) changes. 


8 Most of these features are captured using the fifth argument of function €. Also, 
note that in Section 2 we implicitly assumed that the action identifiers in the quan- 
tificational operator are known to all the agents, they are public knowledge. This 
assumption is dropped here. Indeed, one may have a commitment to do a specific 
action c; at some point and prevent other agents from knowing it or knowing when 
that action will take place. The semantic clauses we introduced can be modified to 
mirror these cases. 
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5 Modeling with quantificational operators 


Our first example is in the area of planning. There are two agents, say 
Anthony (A) and Bill (42), and a project that must be finished by a certain 
time. Let us say that there are 3 time-steps before the deadline (step-1, step- 
2, and step-3) and that Anthony cannot work at the project at time-step 1 
since at that time he has to meet his doctor. We use action identifier a for 
the action Anthony does at this step. Later, he is working full time on the 
project. Regarding Bill, he will work on the project except at the time-step 
2 when he has to meet with the office manager. Bill does not know what the 
meeting is about. We represent this case in our language with the following 
formula (y stands for “the project is finished” ): 

[piz] (1.7) 

The first row describes Anthony’s attitude toward the project during 
the three time-steps, while the second row describes Bill’s attitude. Note 
that the universal quantifier marks the time-step when Bill acts without 
regards for the project since his action at that time depends on what his 
office manager asks him to do. If Anthony and Bill are risk-averse and co- 
operative agents, all the actions that instantiate variables x, z, y, v should be 
chosen together as described by clause 51, where we now allow [X] to bea 
multi-column quantificational operator (the clause applies to multi-column 
operators without change). If the two agents work independently from each 
other (non co-operative agents), then we should adopt clause 53 (which also 
extends to multi-column operators). 

We may want to model the case where the agents have a predefined plan 
for the first two time-steps only. For instance, suppose they agreed on a plan 
the day before when they knew they where going to be in different places 
during time-steps 1 and 2 without the possibility of sharing information. 
Also, let us assume that after time-step 2 they meet so that the decision 
about the third time-step can be postponed to that time. This situation is 
described by formula 

a da dz 
[ z] [3] p. 


Note the change of the order in which quantified variables are instantiated: 
the value of u is known when choosing a value for z and v (Section 4). 
The second example we consider comes from robotics. Here there are 
two agents whose goal is to pick up an object but none of them can do it 
alone. If y stands for “the object is lifted”, the situation is described by 


formula 
[3] eai] i] (1.8) 
Consider interpretation 51. If (1.8) is true, the agents can execute actions 
that make y true (first conjunct) but the first or the second agent cannot 
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bring about y without the collaboration of the other agent (second and third 
conjuncts). It is possible to make a stronger claim adding the following as 


conjuncts: [3] ry, [3] ay. These tell us that each agent can force y to 


be false, i.e., each can prevent the system from reaching any state where y 
holds. 


6 Related work and conclusions 


We looked at the variety of semantics for quantificational operators ex- 
tending the work in [Bo,05a]. [B0103] provides an interpretation for the 
quantificational modal operators that relies entirely on game-theoretic se- 
mantics. [Bo,05b] studies the formal properties of an interpretation along 
the lines of 51. in the framework of standard Kripke semantics. 

The formalism we adopted has been influenced by the notion of Henkin 
(branching) quantifiers [He;61, Wa270]. Note that there is an ontologi- 
cal discrepancy between the notion of agent in multi-agent systems (where 
agents are internal components) and the formal notion of player as used 
in game-theory (players are external components that act to interpret the 
formalism); a distinction that has not received enough attention in the lit- 
erature. 

A modal version of Hintikka Independent-friendly logic [Hi Sa496], which 
comprises Henkin quantifiers, has been proposed in [BroFr402b]. The aim 
of the authors is to isolate a notion of bisimulation (model equivalence) that 
corresponds to their modal system. Related to our work is also the logic 
ATL [Al2He2Ku;02] and its extension ATEL [vHWo302]. The relationship 
is better analyzed through Coalition Logic (CL) introduced in [Pa702]. The 
connections between CL and ATL are presented in [Go201, Go2Ja204]. In- 
terestingly, the encoding of CL into our formalism enables the use of Kripke 
structures for CL. (More precisely, CL is semantically equivalent to a frag- 
ment of our logic with the semantics given by clause 51, cf. [Bo,07]). Other 
frameworks, like KARO [vLvHMe398] and the variety of systems following 
the BDI approach [Ra3Ge,91] or the Intention Logic [Co Le, 90], adopt com- 
binations of different modalities or exploit full first-order logic. These are 
very expressive systems and differ in their motivations from our approach. 
We refer the reader to [vHVe202, vHWo303, vDvHKo,07] for overviews on 
this area of research. 


We have shown how to produce different interpretations for modal op- 
erators built out of action identifiers, variables, and quantified variables. 
Our stand is that when there is a number of practical constraints to cap- 
ture, semantic pluralism could help. We showed how the same language 
can distinguish and characterize different systems in a flexible way making 
it possible to describe uniformly what might seem a plethora of heteroge- 
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neous cases. Then, formal and reliable comparisons of apparently disparate 
phenomena become possible at the semantical level. Our approach has some 
drawbacks as well. The quantificational operators inherit some restrictions 
of Dynamic Logic, in particular the rigid structure in finite steps. (Exten- 
sions with constructs on action identifiers or temporal modalities have not 
been studied yet.) On the technical side, although adding quantificational 
modal operators does not make the resulting logic necessarily undecidable, 
this happens in many cases when equality (over action) is present. For in- 
stance, one can see that the theory in [Bo,03] is undecidable by embedding 


first-order logic augmented with a binary predicate via A(z, y) —> [5 | Po; 


for some atomic po. For an example in the opposite sense, [Bo 05b] gives a 
complete and decidable logic for the class of multi-relational Kripke frames. 
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Abstract 


We revisit Kuhn’s classic theorem on mixed and behavior strategies 
in games. We frame Kuhn’s work in terms of two questions in decision 
theory: What is the relationship between global and local assessment 
of uncertainty? What is the relationship between global and local 
optimality of strategies? 


This note is a homage to Kuhn’s classic theorem on the replacement of 
mixed by behavior strategies in games [Kuo50, Kuo53]. It reframes Kuhn’s 
work as two results in decision theory—i.e., in the context of trees involving 
a decision maker and Nature. The motivation is to see the meaning of 
Kuhn’s work at this basic level. 

The decision-theoretic framing in this note is in accordance with the so- 
called epistemic approach to game theory. Under the epistemic approach, 
a game is a multi-player decision problem—more exactly, a collection of 
decision problems, one for each player. In line with decision theory, a player 
is assumed to form a (subjective) probability assessment over the strategies 
chosen by other players in the game, and to choose an optimal strategy under 
this assessment. The questions à la Kuhn are then: (a) the relationship 
between global and local assessments; and (b) the relationship between 
global and local optimality. 

The epistemic approach is ‘the other way round’ from the traditional 
approach to game theory. Under the traditional approach, we talk about 
a mixed strategy of a player, not another player’s global assessment of the 
first player’s deterministic choice of (pure) strategy. Likewise, we talk about 
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a behavioral strategy of a player, not another player’s system of local as- 
sessments about the first player. The mixed-behavioral framing is Kuhn’s, 
of course. 

In Section 5, we expand on the significance for Kuhn’s Theorem of taking 
an epistemic perspective on games. 


A T 
Global assessment 
Non 


Under perfect recall and 
non-triviality for Nature 


a 
Local optimality Global optimality 
Sa 


Under perfect recall and non- 
triviality for the decision maker 


FIGURE 1. Summary of results 


Figure 1 is a summary of the two results we cover. Each result is in 
two parts. For the first, we have: (i) Given a system of local probability 
assessments by the decision maker, i.e., an assessment over Nature’s moves 
at each of Nature’s information sets, there is a global assessment over Na- 
ture’s strategies (“states”) that yields the same probability of each path 
through the tree. (ii) If Nature has perfect recall and all chance nodes are 
non-trivial, then, given a global assessment by the decision maker, there is 
an equivalent system of local assessments. For the second result, we have: 
(i) If a strategy of the decision maker is locally optimal, i.e., optimal at 
each information set of the decision maker, then it is globally (“ex ante”) 
optimal. (ii) If the decision maker has perfect recall and all decision nodes 
are non-trivial, then, if a strategy is globally optimal, it is locally optimal. 

There is also a sufficiency result (which follows from part (ii) of the first 
result): Assume perfect recall and non-triviality for Nature. Then, it is 
enough to know the system of local assessments associated with any global 
assessment, to know which strategies are globally optimal. Putting this 
together with part (ii) of the second result gives: Assume perfect recall and 
non-triviality for both the decision maker and Nature. Then, to determine 
if a strategy is locally optimal, it is enough to know the system of local 
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assessments of the decision maker. 
We acknowledge that much (all?) of the contents of this note may be 
well known. Still, we hope that a self-contained presentation will be useful. 


1 Decision Trees 


A decision tree will be a two-person game in extensive form, where one 
player is the decision maker and the other is Nature. We now give formal 
definitions following Kuhn [Kuo50, Kuo53] (also the presentation in Hart 
[Ha492]). 


Definition 1.1. A (finite) decision tree consists of: 


(a) A set of two players, one called the decision maker and the other 
called Nature. 


(b) A finite rooted tree. 


(c) A partition of the set of non-terminal nodes of the tree into two subsets 
denoted N (with typical element n) and M (with typical element m). 
The members of N are called decision nodes, and the members of 
M are called chance nodes. 


(d) A partition of N (resp. M) into information sets denoted I (resp. J) 
such that for each I (resp. J): 


(i) all nodes in I (resp. J) have the same number of outgoing 
branches, and there is a given 1-1 correspondence between the 
sets of outgoing branches of different nodes in I (resp. J); 


(ii) every path in the tree from the root to a terminal node crosses 
each I (resp. J) at most once. 


Note: The focus of the well-known literature on the “paradox of the 
absent-minded driver” (Piccione and Rubinstein [PipRu,97]) is on non- 
Kuhn trees—specifically, trees that fail condition (d.ii) above. (See also 
Isbell [Is57].) We consider only Kuhn trees. 

For each information set I (resp. J), number the branches going out 
of each node in I (resp. J) from 1 through #I/ (resp. #J) so that the 1-1 
correspondence in (d.i) above is preserved. 


Definition 1.2. A strategy (of the decision maker) associates with each 
information set J, an integer between 1 and #1, to be called the choice of 
the decision maker at I. Let S denote the set of strategies of the decision 
maker. A state of the world (or state) associates with each information 
set J, an integer between 1 and #J, to be called the choice of Nature at 
J. Let denote the set of states. 
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Note that a pair (s,w) in S x Q induces a unique path through the tree. 


Definition 1.3. Fix a path p through the tree and a strategy s. Say p is 
allowed under s if there is a state w such that (s,w) induces p. 


Definition 1.4. Fix a path p through the tree and a state w. Say p is 
allowed under w if there is a strategy s such that (s,w) induces p. 


Definition 1.5. Fix a node n in N and a strategy s. Say n is allowed 
under s if there is a state w such that the path induced by (s,w) passes 
through n. Say an information set J is allowed under s if some n in I is 
allowed under s. 


Definition 1.6. Say the decision maker has perfect recall if for any strat- 
egy s, information set J, and nodes n and n* in J, node n is allowed under 
s if and only if node n* is allowed under s. 


Definition 1.7. Say a node n in N is non-trivial if it has at least two 
outgoing branches. 


Definition 1.8. Fix a node m in M and a state w. Say m is allowed 
under w if there is a strategy s such that the path induced by (s,w) passes 
through m. Say an information set J is allowed under w if some m in J 
is allowed under w. 


Definition 1.9. Say Nature has perfect recall if for any state w, infor- 
mation set J, and nodes m and m* in J, node m is allowed under w if and 
only if node m* is allowed under w. 


Definition 1.10. Say a node m in M is non-trivial if it has at least two 
outgoing branches. 


Example 1.11. Figure 2 depicts a case of imperfect recall for the decision 
maker. (The circular node belongs to Nature and the square nodes belong 
to the decision maker.) Let s be the strategy that chooses B at information 
set I (and b, say, at information set I’). Then node n is allowed under s 
but node n* is not. 


Example 1.12. Figure 3 is the standard example of imperfect recall for 
Nature. Let w be the state that chooses U at information set J (and u, say, 
at information set J’). Then node m is allowed under w but node m* is 
not. 


Define a relation of precedence on information sets I of the decision 
maker, as follows: Given two information sets J and I’, say that I pre- 
cedes I’ if there are nodes n in J and n’ in J’ such that the path from the 
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FIGURE 2. 


FIGURE 3. 


root to n’ passes through n. It is well known that if the decision maker 
has perfect recall and all decision nodes are non-trivial, then this relation 
is irreflexive and transitive, and each information set J has at most one 
immediate predecessor. (Proofs of these assertions can be constructed from 
arguments in Wilson [Wig72]. See also the appendix to this note.) Of 
course, the parallel statements hold for Nature. 

In [Kuo53], Kuhn observes that perfect recall implies that a player re- 
members: (i) all of his choices at previous nodes; and (ii) everything he 
knew at those nodes. The following two lemmas formalize these observa- 
tions. (The proofs are in the appendix.) Again, parallel statements hold for 
Nature. (Lemma 1.13 will be used later.) 


Lemma 1.13. Suppose the decision maker has perfect recall and all deci- 
sion nodes are non-trivial. Fix information sets I and I’, and strategies s 
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and s’. Suppose that I’ is allowed under both s and s’, and I precedes I’. 
Then J is allowed under both s and s’, and s and s’ coincide at T. 


Continuation of Example 1.11. Let s choose T at I, and s’ choose B 
at I. Then J’ is allowed under both s and s’, as is J. But s and s’ differ at 
I. So Lemma 1.18 fails without perfect recall. In words, the decision maker 
forgets at I’ whether he chooses T or B at I. 


Next, write 
[I] = {w : I is allowed under w}. 


Lemma 1.14. Suppose the decision maker has perfect recall and all deci- 
sion nodes are non-trivial. Fix information sets J and I’. If I’ succeeds J, 
then [I’] c [J]. 


Continuation of Example 1.11. We have [J] = {D} and [J’] = {U, D}. 
So Lemma 1.14, too, fails without perfect recall. In words, the decision 
maker knows at I that Nature doesn’t choose U, but forgets this at I’. 


A brief comment on the literature on these ‘structural’ aspects of per- 
fect recall. Bonanno makes a nice distinction between “action” and “choice” 
[Bo004]. (The same action can be taken at different information sets.) He 
offers definitions of “knowing the actions you previously took” and “know- 
ing what you previously knew”, and shows that together these conditions 
characterize perfect recall. Ritzberger provides several characterizations of 
perfect recall [Rip99]. Van Benthem studies game trees as structures for log- 
ical languages, and, in particular, provides a dynamic epistemic logic-based 
axiomatization of games satisfying perfect-recall like conditions [vBO1a]. 
Also related are the temporal logics in Halpern, van der Meyden, and Vardi 
[HagvMVa04]. See [Boo04, Section 6] for further discussion of the literature. 


2 Global and Local Probabilities 


We now define the global and local probabilities on the tree, and then state 
Kuhn’s Theorem. 


Definition 2.1. A global probability measure on the tree is a probability 
measure on the set of states Q. 


Definition 2.2. A system of local probability measures on the tree asso- 
ciates with each information set J of Nature, a probability measure on the 
set of choices at J. 


Fix a global measure g, and a system of local measures 7(-; J). Fix also a 
path p through the tree. Let J; be the first information set of Nature crossed 
by p, and let jı be the choice at Jı that lies on p. Define J2, jo,...,JK,7K 
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similarly, where Jx is the last information set of Nature crossed by p, and 
jk is the choice at Jg that lies on p. (Note this is well defined, by condition 
(d.ii) of Definition 1.1. Also, we don’t indicate the dependence of the indices 
1,...,& on p, but no confusion should result.) 


Definition 2.3. The global probability of p is 
A(p; 7) = o({w : p is allowed under w}). 


Definition 2.4. The local probability of p is 


ma 


u Th J), 0(; JK)) = | | Tk; Je). 


k=1 


Continuation of Example 1.12. To practice these definitions, let ø 
assign probability 1/2 to (U,u) and probability 1/2 to (D,d). Also, let 
mw(U; J) = 1(D; J) = 1/2, and r(u; J’) = a(d; J’) = 1/2. Suppose p is the 
path induced by (U,u). Then the global probability of p is A(p;o) = 1/2, 
and the local probability of p is w(p;7(-; J), 7-3 J')) = 1/2 x 1/2 = 1/4. 


We now state Kuhn’s Theorem in the form of the following two results, 
and give proofs in the notation of this note. 


Theorem 2.5. Fix a system of local measures 7(-; J). There is a global 
measure o such that for any path p, 


A(p; o) = wp; n; J), (5 Jg)). 


Proof. It will be convenient to write Q as a product space [ |; C(J), where 
C(J) denotes the set of choices at information set J. Given a state w, 
write w(J) for the Jth coordinate of w, i.e., the choice w makes at J. Set 
o(w) = [[, 7(w(J); J). This is readily seen to define a probability measure 
on Q. 

Now fix a path p, and let Ji, j1,..., Jg, jg be defined as earlier. For 
k=1,...,K, let 

Ax = {w : w(Jp) = jr}. 


Note that o( Ax) = t(jnj3 Jk). The set of w such that p is allowed under w 
AK : : 
is (\,_, Ar, and, since ø is a product measure, 


K K 


(Ñ as) = 


k= 


K 
o(Ax) = | | 70r; Je), 
k= 


k=1 


as required. Q.E.D. 
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We need one more definition, used in the proof of the next result. 


Definition 2.6. Fix a global measure ø and an information set J. The 
localized probability measure at J is given by 


Gils o({w: J is allowed under w, and w(J) = 7}) 
UE re o({w: J is allowed under w}) ; 
if o({w : J is allowed under w}) > 0. If o({w: J is allowed under w}) = 0, 


define z(-; J,a) arbitrarily. 


Theorem 2.7. Suppose Nature has perfect recall and all chance nodes are 
non-trivial. Fix a global measure ø. There is a system of local measures 
m(-; J) such that for any path p, 


H(p TE Ji)... TC; JK)) = A(p; 0). 
Proof. Fix a path p and J1, j1,..., Jg, jg as earlier. Let 


B = {w : p is allowed under w}, 
Cpr = {w : Jpg is allowed under w, and w(Jp) = jk}, 


Dy = {w : Jpg is allowed under w}, 


for k=1,..., K. 

We show that for k = 1,...,K — 1, Ck C Dk+1. Suppose p passes 
through node m in Jy. Fix w such that Jz is allowed under w. Then by 
perfect recall, node m is allowed under w. That is, there is a strategy s such 
that the path induced by (s,w) passes through m. Let (s’,w’) induce the 
path p. Then s and s’ coincide at all information sets of the decision maker 
crossed by p from the root to m. Indeed, we can take s = s’. We know that 
w' (Jp) = jr. Therefore, if w(Jk) = jk, the path induced by (s’,w) coincides 
with the path induced by (s’,w’), from the root to J,41. Certainly then, 
Jx41 is allowed under w, as required. 

We next show that for k = 1,...,K — 1, Deai C Cp. Let (s’,w’) be as 
above, so that certainly Jzi1 is allowed under w’. Fix w such that Jk+1 is 
allowed under w. Since J, precedes Jg41, Lemma 1.13 (stated for Nature) 
implies that: (i) J, is allowed under w; and (ii) w and w’ coincide at Jp, 
i.e., w( Jg) = Ji: 

We now have that for k = 1,...,K — 1, Ck = Dk+1. By definition, 
Ck C Dp for each k. This shows that the C;’s are a decreasing sequence. 

Given a global measure ø, define a system of local measures 7(-; J) by 
setting m(-; J) = a(-3 J, o). 

Note that Cx = B, since Jg is the last information set of Nature crossed 
by p. It follows that if A(p; 0) = o(B) > 0, then o(C;) > 0 and o(D;,) > 0 
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for each k. We then have 


K 
E E OTS (2.1) 


But the numerator of each term in (2.1) cancels with the denominator of 
the next term, leaving 


o(Cx) 


Mein St) GIK)) = To 


We already have o(Cx) = o(B). Also, Dı = Q, since Jı is the first 
information set of Nature crossed by p, so o(D,) = 1. This establishes that 


ulm 7(-; J1),..., (5 JK)) = o(B) = A(p; 0), (2.2) 


as required. 

Now suppose X(p;o) = o(B) = 0. If o(Dp) > 0 for each k, we still get 
(2.1), from which we get (2.2), and so p(p;7(-; Ji),..-,7(5 JK)) = 0, as 
required. We have o( D1) = 1, so the remaining case is that o(Dp) = 0 for 
some k = 2,..., K. Choose the minimum such k. Then o(Dzg_1) > 0. Also 
a(Cr_-1) = 0, since Cy_1 = Dg. Thus m(jg—1; Jk-1) = o(Ck-1)/o(Dk-1) = 
0, so that pu(p; 7(-; J1),..-,7(-; Jx)) = 0, as required. Q.E.D. 


Continuation of Example 1.12. Theorem 2.7 fails without perfect recall. 
To see this, let o assign probability 1/2 to (U,u) and probability 1/2 to 
(D,d), as before. Then, in particular, we need 1(U; J) x m(u; J’) = 1/2, 
m(U; J) x a(d; J’) = 0, and (D; J) x a(d; J’) = 1/2, which is impossible. 


3 Global and Local Optimality 


Next we define global and local optimality of a strategy of the decision 
maker. 


Definition 3.1. A payoff function (of the decision maker) is a map V : 
SxQ — R satisfying V(s,w) = V(s’,w’) whenever (s,w) and (s’,w’) induce 
the same path. 


Definition 3.2. Fix a probability measure ø on Q. A strategy s is globally 
optimal under ø if 


ye a(w)V(s,w) > 5 o(w)V(r, w) 


weEQ we 


for every other strategy r € S. 


80 A. Brandenburger 


FIGURE 4. 


Definition 3.3. Fix a probability measure o on Q. Fix also a strategy s 
and an information set J that is allowed under s and satisfies o([{I]) > 0. 
Then s is locally optimal at J under ø if 


dE ool) sw) = SF oll) V(r, w) 


wEQ wEQ 


for every other strategy r € S under which J is allowed. Strategy s is locally 
optimal under o if for every information set I that is allowed under s and 
satisfies o([{I]) > 0, it is locally optimal at J under ø. 


In words, a strategy is globally optimal if it is expected-payoff maxi- 
mizing under the (unconditional) measure ø. It is locally optimal if it is 
expected-payoff maximizing under each conditional measure o(w|[J]) that 
is defined (and where J is allowed under the strategy). 


Example 3.4. Figure 4 is Figure 2 with payoffs added for the decision 
maker. Let o assign probability 2/3 to U and 1/3 to D. Then Tt, Bt, Tb, 
and Bb yield expected payoffs of 4/3, 5/3, 2/3, and 1/3, respectively—so 
Bt is (uniquely) globally optimal under ø. 

As noted before, [I] = {D} and [I’] = {U, D} = Q. So, o([Z]) > 0 and 
o({I’]) = 1. Also, both I and J’ are allowed under all four strategies. It 
follows that local optimality at I’ is the same as global optimality. At I, we 
find that Tt, Bt, Tb, and Bb yield conditional expected payoffs of 0, 1, 2, 
and 1, respectively—so, in fact, no strategy is locally optimal under ø. 
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Theorem 3.5. Fix a probability measure ø on 2. If a strategy s is locally 
optimal under øg, then it is globally optimal under ø. 


Proof. Partition Q into cells [o,,...,Jz, where w € Ig, for some l = 
1,..., L, if Ig is the first information set of the decision maker allowed 
under w, and w € Ip if there is no information set of the decision maker 
allowed under w. 


Write 
L 


YE o(w)V(s,w) = SF (el) SF ole] (s, w), 

wen £=0 wen 
where we take o(-|[I¢]) to be arbitrary if o([I¢]) = 0. Suppose s is locally 
optimal under o, but not globally optimal under o. Then there must be 
another strategy r such that 


X o(w)V(r,w) > So ow)V(s,w). 


weEQ wE 


But 
L 


Yo eV (r, w) = SO o (el) SF ole] V(r, w), 
wEN £=0 wEQ 
so there must be €=0,..., L such that o([Jz]) > 0 and 


X a(o EV (r, w) > X owd) (s, w). 


wEQ wEQ 


Note that in fact 1 < £ < L, since, on Ig, V(-,w) is independent of the 
strategy. Since it is a first information set of the decision maker, Ie must be 
allowed under r. This implies that s is not locally optimal under ø at Ie, a 
contradiction. Q.E.D. 


Theorem 3.6. Suppose the decision maker has perfect recall and all deci- 
sion nodes are non-trivial. Fix a probability measure ø on 2. If a strategy 
s is globally optimal under ø, then it is locally optimal under ø. 


Notes: (i) By finiteness, a globally optimal strategy always exists under 
any ø. So Theorem 3.6 implies, in particular, that under the given condi- 
tions a locally optimal strategy also exists under any ø. (ii) Kline [K1,02] 
contains a stronger result, based on a weakening of perfect recall. 


Proof. Suppose that s is globally optimal and that, contra hypothesis, there 
is an information set I allowed under s and satisfying o([I]) > 0, such that 


Yo oH (sw) < SF ool r w) (3.1) 


wEQ wEQ 
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for some other strategy r € S under which 7 is allowed. 

Construct the strategy q that coincides with r at J and all succeeding 
information sets of the decision maker, and coincides with s elsewhere. 

We first show that if w € [J], then V(q,w) = V(r,w). 

From w € [J], there is a node nı in J and a strategy sı such that the 
path induced by (s1,w) passes through nı. Since I is allowed under s, there 
is anode ng in J and a state w2 such that the path induced by (s, w2) passes 
through nə. By perfect recall, there is then a state wg such that the path 
induced by (s,w3) passes through nı. Now consider the information sets I’ 
crossed by the path from the root to nı. Since the paths induced by (s1, w) 
and (s,w3) both pass through nı, the strategies sı and s must coincide at 
these sets. Similarly, consider the information sets J crossed by the path 
from the root to nı. Since the paths induced by (s;,w) and (s,w3) both 
pass through nj, the states w and w3 must coincide at these sets. Therefore, 
the path induced by (s,w) must pass through nı. 

We can repeat the argument with strategy r in place of strategy s, to 
conclude that the path induced by (r,w) must also pass through nı. But 
then, using the definition of strategy q, the paths induced by (q,w) and 
(r,w) must be the same. Thus V(q,w) = V(r,w), as required. 

Next, we show that if w € Q\[J], then V(q¢,w) = V(s,w). From w € 
Q\[Z], the path induced by (s,w) does not cross J, and therefore does not 
cross any information set of the decision maker that succeeds J. Consider 
the information sets J’ that are in fact crossed by the path induced by (s, w). 
By construction, the strategies q and s coincide at each such J’. Thus the 
paths induced by (q,w) and (s,w) are the same, and so V(q,w) = V(s,w), 
as required. Write 


Yo o&)V aw) 


wE, 


= o((]) X olf) a w) + o(Q\]) SF oWIQ\L)V (a, w), 


weEQ wEQ 


where o(-|Q\[Z]) is arbitrary if o(Q\[Z]) = 0. We have 


So o(w)V(q,w) 
wEQ 
= o([I)) $ owl (r, w) + (OAH) $ ow (s, w) 
wWEQ wWEQ 
> o([Z]) X oll) (s, w) + o(OA H) $ ow) (s, w) 
wEQ wEQ 


= 5 a(w)V(s,w), 


we 
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where the inequality uses (3.1) and o([J]) > 0. But this contradicts the 
global optimality of s. Q.E.D. 


Continuation of Example 3.4. Theorem 3.6 fails without perfect recall 
(for the decision maker). Indeed, we saw that only Bt is globally optimal, 
but it is not locally optimal at J. 


4 A Sufficiency Result 


We now establish a sufficiency result: Assume perfect recall and non-triv- 
iality for Nature. Then, it is enough to know the localized probabilities 
associated with any probability measure, to know which strategies are glob- 
ally optimal. 

First some notation. As in Section 2, given a path p, write Jı for the 
first information set of Nature crossed by p,..., Jg for the last information 
set of Nature crossed by p (and suppress the dependence on p). Also, in 
this section it will be helpful to write W (p) for the payoff V(s,w), if (s,w) 
induces the path p. 


Definition 4.1. Fix two (global) probability measures o and 7 on Q. Say 
a and 7 are locally equivalent if for each path p, A(p;o) > 0 if and only 
if A(p;7) > 0, and, in this case, 


Hp; 7(+5J1,0),---,7(5 Jx,0)) = alpin Ji, 7),---, (5 Jx,T)). 


In words, two measures are locally equivalent if they give rise to the same 
localized probability of each path that gets positive (global) probability. 


Example 4.2. In the tree in Figure 5, let o assign probability 1/2 to (U, u) 
and probability 1/2 to (D, d), and 7 assign probability 1/4 to each of (U, u), 
(U,d), (D,u), and (D, d). It can be checked that o and 7 are locally equiv- 
alent. 


Here is the sufficiency result: 


Theorem 4.3. Suppose Nature has perfect recall and all chance nodes are 
non-trivial. Let ø and T be probability measures on Q that are locally 
equivalent. Then for any strategy s, 


NS olw) V (s,w) = 5 T(w)V(s,w). 
weEQ wE 
Proof. Write 
X o(w)V(s,w) = 5 5 o(w)W (p). (4.1) 


we {p: p is allowed under s} {w: (s,w) induces p} 
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FIGURE 5. 


Now, if (s,w) induces p, then certainly p is allowed under w. Conversely, 
suppose p is allowed under w. That is, there is an s’ such that (s’, w) induces 
p. Suppose also that p is allowed under s. That is, there is an w’ such that 
(s,w’) induces p. It follows (by arguing forwards along the path p) that 
(s,w) must also induce p. Using the definition of A(p; ø), this establishes 
that (4.1) can be rewritten as 


X o(w)V(s,w) = 5 A(p; o)W (p). (4.2) 
wEQ {p:p is allowed under s} 
By the same argument we can write 
X rw)V(s,w) = 5 A(p; T)W (p). (4.3) 
wEQ {p:p is allowed under s} 
Fix a path p. By the proof of Theorem 2.7, 
Ap; o) = wp; 751, 0),---, TC; IK,0)), (4.4) 
A(T) = wp; nh Ji, T), --- 103 JK, T)). (4.5) 


Fix a path p. Using local equivalence, we have either: (i) A(p;a) = 
A(p; T) = 0, or (ii) A(p; o) > 0 and A(p; T) > 0. In case (ii), A(p; o) = A(p;7), 
by (4.4), (4.5), and local equivalence again. Thus (i) and (ii) together 
establish that (4.2) and (4.3) are equal, as required. Q.E.D. 


Corollary 4.4. Suppose Nature has perfect recall and all chance nodes 
are non-trivial. Fix probability measures ø and 7 on Q that are locally 
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equivalent. Then a strategy s is globally optimal under ø if and only if it is 
globally optimal under rT. 


Continuation of Example 4.2. Theorem 4.3 and Corollary 4.4 fail with- 
out perfect recall (for Nature). The measures o and 7 as above are locally 
equivalent. Yet T yields an expected payoff of O under g, and an expected 
payoff of 3/2 under 7. (So B is globally optimal under ø, while T is globally 
optimal under 7.) 


5 Discussion 


Corollary 4.4 and Theorem 3.6 can be put together as follows: Assume 
perfect recall and non-triviality for both the decision maker and Nature. 
Then, to determine if a strategy is locally optimal, it is enough to know the 
localized probabilities of the decision maker. 

For (even local) optimality, then, the analyst need only know how the 
decision maker sees the tree locally. We don’t need to know the decision 
maker’s global assessment of the tree. 

But this does assume perfect recall and non-triviality. Perfect recall 
for the decision maker has a clear interpretation as a memory requirement 
(refer back to the end of Section 1 and also the references there). But what 
does perfect recall for Nature mean?! We’ll give an answer for the game 
context, as analyzed under the epistemic approach. 

For the application of the decision tree set-up (Definition 1.1) to a game, 
the decision maker is to be thought of as one player, Ann say. All the re- 
maining players—Bob, Charlie, ...—are grouped together as Nature. This 
is because, under the epistemic approach, the strategies chosen by Bob, 
Charlie, ... are jointly uncertain as far as Ann is concerned, and so subject 
to joint probability assessment. 

When, then, might Nature have perfect recall? One case is if there is just 
one other player, Bob, and he has perfect recall. The situation is different 
if there are two or more other players, even if each of these players has 
perfect recall. For example, suppose in Figure 5 that Ann chooses T or B, 
Bob chooses U or D, and Charlie chooses u or d. Then Bob and Charlie 
each has perfect recall, but if Ann assigns probability 1/2 to (U,u) and 
probability 1/2 to (D, d), there is no equivalent local assessment. 

We could require Ann’s global assessment to be a product of a global 
assessment of Bob’s strategy and a global assessment of Charlie’s strategy. 
Then, working with each assessment separately, we could find an equivalent 
local assessment. But an independence requirement like this is not in the 
spirit of the epistemic approach to games, which treats correlations as the 
norm. 


1 I am grateful to a referee for asking this question. 
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Of course, there will be special cases where ‘overall’ perfect recall still 
holds. (An obvious one is if the game has perfect information.) But, in 
general, we should work with global not local assessments by the players. 


Appendix 


Lemma A1. Suppose the decision maker has perfect recall and all decision 
nodes are non-trivial. Fix an information set J, nodes nı and nə in J, and 
an information set I’ containing a node ng on the path from the root to ny. 
Then there is a unique node in J’ (not necessarily distinct from n3) lying 
on the path from the root to nə. 


Proof. First note that by part (d.ii) of Definition 1.1, there cannot be more 
than one node in J’ lying on the path from the root to nə. 

Now suppose, contra hypothesis, there is no node in I’ lying on the 
path from the root to ng. Let c denote the choice at ng that lies on the 
path to nı. By non-triviality, there is a choice d, different from c, at I’. 
Construct a strategy s as follows: (i) at I’, let s specify the choice d; (ii) 
at an information set crossed by the path from the root to nga, let s specify 
the choice that lies on this path; (iii) at any other information set, let s be 
arbitrary. (Note that, by hypothesis, the information set I’ does not fall 
under (ii), so s is well defined.) By construction, the node nə is allowed 
under s, while nı is not allowed under s. This contradicts perfect recall. 

Q.E.D. 


Lemma A2. Suppose the decision maker has perfect recall. Fix an in- 
formation set J and nodes nı and nz in J. Fix also an information set J’ 
containing nodes ng and n4 (not necessarily distinct) where ng lies on the 
path from the root to nı, and n4 lies on the path from the root to ng. Then 
the choice at ng that lies on the path to nı is the same as the choice at n4 
that lies on the path to nə. 


Proof. Let c be the choice at ng that lies on the path to n1, and let d be the 
choice at n4 that lies on the path to n2. Suppose, contra hypothesis, that 
c#d. Construct a strategy s as follows: (i) at an information set crossed by 
the path from the root to ng, let s specify the choice that lies on this path; 
(ii) at any other information set, let s be arbitrary. Note that s specifies d 
at I’. It follows that nz is allowed under s, while nı is not allowed under s. 
This contradicts perfect recall. Q.E.D. 


We use Lemmas Al and A2 in the proofs below of Lemmas 1.13 and 
1.14 in the text. We also note that Lemma A1, together with part (d.ii) 
of Definition 1.1, easily implies the facts stated in Section 1: The prece- 
dence relation on information sets is irreflexive and transitive, and each 
information set J has at most one immediate predecessor. 
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Proof of Lemma 1.18. Since I’ is allowed under s, there is a node nį in I’ 
and a state wı such that the path induced by (s,w1) passes through n}. 
Likewise, since I’ is allowed under s’, there is a node n5 in I’ and a state w2 
such that the path induced by (s’,w2) passes through n. Since I precedes 
I’, there are nodes n in J and n’ in I’ such that the path from the root to 
n’ passes through n. 

Lemma A1 then implies that there is a node nı in I (not necessarily 
distinct from n) lying on the path from the root to n}. That is, the path 
induced by (s,w1) passes through nı. This establishes that I is allowed 
under s. 

Likewise, Lemma A1 implies that there is a node ng in I (not necessarily 
distinct from n) lying on the path from the root to n4. That is, the path 
induced by (s’,w2) passes through nə. This establishes that I is allowed 
under s’. 

Lemma A2 implies that the choice at nı that lies on the path to nj, is 
the same as the choice at nə that lies on the path to nj. Thus s and s’ 
coincide at I. Q.E.D. 


Proof of Lemma 1.14. Consider a state w in [J’]. By definition, there is a 
node n’ in I’ and a strategy s such that the path induced by (s,w) passes 
through n’. 

Since I precedes I’, there are nodes nı in J and ng in I’ such that the 
path from the root to n2 passes through nı. 

Lemma A1 then implies there is a node ng in I (not necessarily distinct 
from nı) such that the path from the root to n’ passes through ng. That is, 
the path induced by (s,w) passes through ng. Thus w lies in [J], as required. 

Q.E.D. 
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Abstract 


In an influential paper entitled “How much memory is needed to 
win infinite games”, Dziembowski, Jurdzinski, and Walukiewicz have 
shown that there are Muller games of size O(n) whose winning strate- 
gies require memory of size at least n!. This shows that the LAR- 
memory, based on the latest appearance records introduced by Gure- 
vich and Harrington, is optimal for solving Muller games. We review 
these results and reexamine the situation for the case of infinitary 
Muller games, i.e. Muller games with infinitely many priorities. We 
introduce a new, infinite, memory structure, based on finite appear- 
ance records (FAR) and investigate classes of Muller games that can 
be solved with FAR-memory. 


1 Introduction 


We study two-player games of infinite duration that are played on finite or 
infinite game graphs. Such a game is determined if, from each position, 
one of the two players has a winning strategy. On the basis of the axiom of 
choice it is not difficult to prove that there exist nondetermined games. The 
classical theory of infinite games in descriptive set theory links determinacy 
of games with topological properties of the winning conditions. Usually 
the format of Gale-Stewart games is used where the two players strictly 
alternate, and in each move a player selects an element of {0,1}; thus the 
outcome of a play is an infinite string m € {0,1}”. Gale-Stewart games can 
be viewed as graph games, for instance on the infinite binary tree, or on 
a bipartite graph with four nodes. Zermelo [Ze13] proved already in 1913 
that if in each play of a game, the winner is determined already after a 
finite number of moves, then one of the two players has a winning strategy. 


* This research has been partially supported by the European Community Research 
Training Network “Games and Automata for Synthesis and Validation” (GAMES). 


Johan van Benthem, Dov Gabbay, Benedikt Löwe (eds.). Interactive Logic. Proceedings of 
the 7th Augustus de Morgan Workshop, London. Texts in Logic and Games 1, Amsterdam 
University Press 2007, pp. 89-116. 
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In topological terms the winning sets in such a game are clopen (open and 
closed). By a celebrated theorem due to Martin [Ma775] every game where 
the winning condition is given by a Borel set is determined. 

For game theory that relates to computer science, determinacy is just 
a first step in the analysis of a game. Rather than in the mere existence 
of winning strategies, one is interested in effective constructions of reason- 
ably simple winning strategies. An aspect of crucial importance for the 
complexity of a strategy is its dependency on the history of the play. 

In general, strategies may be very complicated functions that can depend 
on the entire history of the play. However, in many cases, simple strategies 
suffice. Of particular interest are positional strategies for which the next 
move depends only the current position, and not at all on previous history. 
That is, a player moving according to a positional strategy f will at a 
position v always perform the same move v — f(v) no matter how often 
and by what path position v has been reached. A game is positionally 
determined, if from each position, one of the two players has a positional 
winning strategy. Another important case are finite-memory strategies for 
which the dependency on the history can be calculated on the basis of a 
finite set of memory states and which can thus be implemented by a finite 
automaton. 

Positional determinacy and determinacy via finite-memory strategies 
have been extensively studied for games whose winning conditions are de- 
fined in terms of a mapping that assigns to each position a priority from 
a finite set C. Specifically, in Muller games the winner of a play is deter- 
mined by the set of those priorities that have been seen infinitely often. It 
has been proved by Gurevich and Harrington [Gu;Ha282] that Muller games 
are determined via finite memory strategies that are based on a data struc- 
ture called latest appearance records (LAR). Intuitively a latest appearance 
record is a list of priorities in the order in which they have last occurred 
in the play. Thus, on n priorities, an LAR-memory has n! memory states. 
Dziembowski, Jurdziriski, and Walukiewicz [DzJugWas97] have shown that 
LAR-strategies are essentially optimal for Muller games. 


Theorem 1.1. There exists a sequence (Gr )new of Muller games such that 
the game graph of Gn is of size O(n) and every winning strategy for Gn 
requires a memory of size at least n! 


In particular, Muller games need not be positionally determined, not 
even for solitaire games (where only one player moves). An important spe- 
cial case of Muller games are parity games. These are games with a priority 
labelling Q assigning to each position v a priority Q(v) € {0,...,d}, for 
some d € N, and with parity winning condition: Player 0 wins a play ~ if 
the least priority occurring infinitely often in 7 is even. Parity games are of 
importance for several reasons. 
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(1) Many classes of games arising in practical applications admit reduc- 
tions to parity games (over larger game graphs). This is the case for 
games modelling reactive systems, with winning conditions specified in 
some temporal logic or in monadic second-order logic over infinite paths 
(S1S), for Muller games, but also for games with partial information ap- 
pearing in the synthesis of distributed controllers. 


(2) Parity games arise as the model checking games for fixed point logics 
such as the modal p-calculus or LFP, the extension of first-order logic 
by least and greatest fixed points [EmJu1Si301, Gro05]. In particular 
the model checking problem for the modal ju-calculus can be solved in 
polynomial time if, and only if, winning regions for parity games can 
be decided in polynomial time. 


(3) Parity games are positionally determined [EmJu,91, Mo,491]. This is 
a game theoretical result of fundamental importance and with great 
algorithmic relevance. 


To establish positional determinacy or finite-memory determinacy is a 
fundamental step in the analysis of an infinite game, and is also crucial for 
the algorithmic construction of winning strategies. In the case of parity 
games with finitely many priorities the positional determinacy immediately 
implies that winning regions can be decided in NP N Co-NP; with a little 
more effort it follows that the problem is in fact in UP N Co-UP [Juo98}. 
Further, although it is not known yet whether parity games can be solved 
in polynomial time, all known approaches towards an efficient algorithmic 
solution make use of positional determinacy. The same is true for the effi- 
cient algorithms that we have for specific classes of parity games, including 
parity games with a bounded number of priorities [Juo00], games where 
even and odd cycles do not intersect, solitaire games and nested solitaire 
games [Be2Gro04], and parity games of bounded tree width [Ob03)], bounded 
entanglement [Be2Gro05], or bounded DAG-width [Be2+06, Ob06}. 

For several reasons it is interesting to generalise the theory of infi- 
nite games to the case of infinitely many priorities. Besides the theoret- 
ical interest, winning conditions depending on infinitely many priorities 
arise naturally in several contexts. In pushdown games, stack height and 
stack contents are natural parameters that may take infinitely many val- 
ues. In [CagDuoTh02], Cachat, Duparc, and Thomas study pushdown 
games with an infinity condition on stack contents, and Bouquet, Serre, 
and Walukiewicz [Bo4Se; Wa503] consider more general winning conditions 
for pushdown games, combining a parity condition on the states of the un- 
derlying pushdown automaton with an unboundedness condition on stack 
heights. Similarly, Gimbert [Gip04] considers games of bounded degree 
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where the parity winning condition is combined with the requirement that 
an infinite portion of the game graph is visited. 

A systematic study of positional determinacy of games with infinitely 
many priorities has been initiated in [GrgWa;06]. It has been shown that 
there are interesting cases where positional determinacy is a consequence of 
the winning condition only, holding for all game graphs. Most notably this 
is the case for the parity condition on w. Moreover a complete classification 
of the infinitary Muller conditions with this property has been established 
in [GroWa;06] and it has been shown that all of them are equivalent to a 
parity condition. 

Whereas the proof for the positional determinacy of parity games with 
priorities in w is somewhat involved, it is quite easy to construct games with 
infinitary Muller winning conditions whose winning strategies require infi- 
nite memory. For instance there are very simple max-parity games (where 
the maximal priority seen infinitely often determines the winner) with this 
property (see Section 4). Nevertheless, the required (infinite) memory struc- 
tures are often quite simple. In some cases it is enough to store just the 
maximal priority seen so far. In other cases a tuple (of fixed length) of 
previously seen priorities suffices to determine the next move of a winning 
strategy. This motivates the introduction of a new memory structure for 
winning strategies, that we call finite appearance records (FAR) which gen- 
eralise the LARs used for finitary Muller games. We determine some classes 
of Muller games that can be reduced to parity games via FAR-memories. 
These include games where the winning condition is a downward cone, a 
singleton condition, a finite union of upwards cones, or consists of finitely 
many winning sets only. Further the same property holds for all max-parity 
games where the difference between the priorities of any two consecutive 
positions is bounded. 


Here is an outline of this paper. In Section 2 we present the technical 
definitions on games, winning strategies, memory structures and game re- 
ductions. In Section 3 we survey the case of Muller games with finitely many 
priorities and present proofs of two classical results of the field. First we 
show that Streett-Rabin games are positionally determined for one player 
(which also implies that parity games are positionally determined for both 
players). Second, we describe the LAR-memory and show how Muller games 
can be reduced, via LAR-memory, to parity games. In Section 4 we briefly 
survey the results from [GroWas506] on parity games and Muller games 
with infinitely many priorities. In Section 5 we introduce finite appear- 
ance records and FAR-memory structures. Finally, in Section 6 we analyse 
some classes of Muller games that can be solved with FAR-memories. 
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2 Games, strategies, and memory structures 


We study infinite two-player games with complete information, specified by 
a triple G = (G,Q,W) where G = (V,Vo,Vi, E) is a game graph, equipped 
with a partioning V = Vo U Vy of the nodes into positions of Player 0 
and positions of Player 1, where Q : V — C is a function that assigns to 
each position a priority (or colour) from a set C, and where W specifies 
a winning condition. The pair (G,Q) is called the arena of the game. In 
case (v,w) E€ E we call w a successor of v and we denote the set of all 
successors of v by vE. To avoid tedious case distinctions, we assume that 
every position has at least one successor. A play in G is an infinite path 
vov... formed by the two players starting from a given initial position vo. 
Whenever the current position v; belongs to Vo, then Player 0 chooses a 
successor Uj41 E€ vE, if vi € Vi, then vi+1 € vE is selected by Player 1. 
The winning condition describes which of the infinite plays vgv; ... are won 
by Player 0, in terms of the sequence 2(v9)Q(v1)... of priorities appearing 
in the play. Thus, a winning condition is given by a set W C CY of infinite 
sequences of priorities. 

In traditional studies of infinite games it is usually assumed that the 
set C of priorities is finite, although the game graph itself (i.e., the set of 
positions) may well be infinite. This permits, for instance, to specify winning 
condition by formulae from a logic on infinite paths, such as LTL (linear 
time temporal logic), FO (first-order logic), or MSO (monadic second-order 
logic) over a vocabulary that uses the linear order < and monadic predicates 
P, for each priority c € C. 

A (deterministic) strategy for Player o in a game G = (V, Vo, Vi, E, Q) 
is a partial function f : V*V, — V that maps initial segments vov... Um 
of plays ending in a position Um € Vs to a successor f(vo... Um) E UmE. A 
play vov1--: € VY” is consistent with f, if Player o always moves according 
to f, i.e., if Um+1 = f(vo...Um) for every m with Um € Vs. We say that 
such a strategy f is winning from position vo, if every play that starts at 
vo and that is consistent with f, is won by Player o. The winning region 
of Player ø, denoted W,, is the set of positions from which Player ø has a 
winning strategy. 

A game G is determined if Wo UW, = V, i.e., if from each position one 
of the two players has a winning strategy. In general, winning strategies 
can be very complicated. It is of interest to determine which games ad- 
mit simple strategies, in particular finite memory strategies and positional 
strategies. While positional strategies only depend on the current posi- 
tion, not on the history of the play, finite memory strategies have access to 
bounded amount of information on the past. Finite memory strategies can 
be defined as strategies that are realisable by finite automata. However, 
we shall also need to consider strategies that require infinite memory. We 
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therefore introduce a general notion of a memory structure and of a strategy 
with memory, generalising the finite memory strategies studied for instance 
in [DzJupWas97]. 


Definition 2.1. A memory structure for a game G with positions in V is a 
triple M = (M, update, init), where M is a set of memory states, update : 
M x V — M isa memory update function and init : V — M is a memory 
initialisation function. The size of the memory is the cardinality of the 
set M. A strategy with memory IN for Player ø is given by a next-move 
function F : V, x M — V such that F(v,m) € vE for all v € V,m € M. 
If a play, from starting position vo, has gone through positions vov... Un 
the memory state is m(vo ... Un), defined inductively by m(vo) = init (vo), 
and m(vo...Vivi+ı) = update(m(vo . . . vi), vi+1). In case Vn € Vs, the next 
move from v; ... Un, according to the strategy, leads to F (un, m(vo ...,Un)). 
In case |M| = 1, the strategy is positional; it can be described by a function 
F:Vs >V. 

We will say that a game is determined via memory % if it is determined 
and both players have winning strategies with memory St on their winning 
regions. A game is positionally determined if it is determined via positional 
winning strategies. 


Given a game graph G = (V, Vo, Vi, E) and a memory structure M = 
(M, update, init) we obtain a new game graph Gx It = (V x M, Vo x M, Vi x 
M, Eupaate) where 


Eupaate = {(v,m)(v',m’) : (v, v’) € E and m’ = update(m, v’)}. 
p 


Obviously, every play (vo, mo)(v1, Mı)... in Gx Mt has a unique projec- 
tion to the play vovi ... in G. Conversely, every play vo, v1,... in G has a 
unique extension to a play (vo, mo) (v1, M1)... in Gx M with mo = init(vo) 
and Mi+ı = update(mi, vi+1). 

Consider two games G = (G, Q, W) and G’ = (G’,’, W’). We say that 
G reduces via memory M to G’, (in short G <m G’) if G’ = G x M and 
every play in G’ is won by the same player as the projected play in G. 

Given a memory structure M for G and a memory structure I’ for 
G x M we obtain a memory structure M* = M x WM for G. The set of 
memory locations is M x M’ and we have memory initialization init*(v) = 
(init (v), init’(v, init(v)) and the update function 


update*((m,m’), v) := (update(m, v), update’ (m’, (v, update(m, v))). 


Proposition 2.2. Suppose that a game G reduces to G’ via memory M 
and that Player ø has a winning strategy for G’ with memory 2’ from 
(vo, init(vo))). Then Player o has a winning strategy for G with memory 
M x WM from position vo. 
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Proof. Given a strategy F” : (Vs x M) x M’ => (V x M) for Player ø on G’ 
we have to construct a strategy F : (Vo x (M x M')) = V x (M x M’). 
For any pair (v, m) € V> x M we have that F'(v, m) = (w, update(m, w)) 
where w € vE. We now put F(v, mm’) = w. Ifa play in G that is consistent 
with F proceeds from position v, with current memory location (m, m’), 
to a new position w, then the memory is updated to (n,n’) with n = 
update(m,w) and n!’ = update’(m’,(w,n)). In the extended play in g’ 
we have an associated move from position (v,m) to (w,n) with memory 
update from m’ to n’. Thus, every play in G from initial position vp that is 
consistent with F is the projection of a play in G’ from (vo, init(vo)) that is 
consistent with F”. Therefore, if F’ is a winning strategy from (vo, init(vo)), 
then F is a winning strategy from vo. Q.E.D. 


Corollary 2.3. Every game that reduces via memory Jt to a positionally 
determined game, is determined via memory Wt. 


Obviously, memory reductions between games compose. If G reduces to 
G’ with memory M = (M, update, init) and G’ reduces to G” with mem- 
ory W = (M' init’, update’) then G reduces to G” with memory (M x 
M’ init”, update”) with init” (v) = (init(v), init’(v, init(v))) and 


update((m,m’), v) = (update(m, v), update’(m’, (v, update(m, v))). 


3 Games with finitely many priorities 


In this section we consider Muller games, Streett-Rabin games, and parity 
games with finitely many priorities. 


3.1 Muller games and Streett-Rabin games 


Definition 3.1. A Muller winning condition over a finite set C of priorities 
is written in the form (Fo, F1) where Fo C P(C) and Fy = P(C) \ Fo. A 
play 7 in a game with Muller winning condition (Fo, F1) is won by Player o 
if, and only if, Inf(z), the set of priorities occurring infinitely in 7, belongs 
to Fz. 


The Zielonka tree for a Muller condition (Fo, Fı) over C is a tree 
Z(Fo, Fi) whose nodes are labelled with pairs (X,o) such that X € Fs. 
We define Z(Fo, 1) inductively as follows. Let C € F, and Co, ...,Ck-1 
be the maximal sets in {X C C : X € Fi_,~}. Then Z(Fo, Fi) consists of 
a root, labeled by (C,o), to which we attach as subtrees the Zielonka trees 
Z(Fo NP(Ci), Fa N P(C;)), for i = 0, orig k-1. 

Besides parity games there are other important special cases of Muller 
games. Of special relevance are games with Rabin and Streett conditions 
because these are positionally determined for one player [K1)94]. 
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Definition 3.2. A Streett-Rabin condition is a Muller condition (Fo, F1) 
such that Fo is closed under union. 


In the Zielonka tree for a Streett-Rabin condition, the nodes labeled 
(X,1) have only one successor. We remark that in the literature, Streett 
and Rabin conditions are often defined in a different manner, based on a 
collection {(E;, F;) : i= 1,... k} of pairs of sets. However, it is not difficult 
to see that the definitions are equivalent [Zi98]. Further, it is also easy 
to show that if both Fp and F; are closed under union, then (Fo, F1) is 
equivalent to a parity condition. The Zielonka tree for a parity condition is 
just a finite path. 

In a Streett-Rabin game, Player 1 has a positional wining strategy on 
his winning region. On the other hand, Player 0 can win, on his winning 
region, via a finite memory strategy, and the size of the memory can be 
directly read of from the Zielonka tree. We present an elementary proof of 
this result. The exposition is inspired by [DzJupWas97]. In the proof we 
use the notion of an attractor. 


Definition 3.3. Let G = (V,Vo,Vi, E, Q) be an arena and let X,Y C V, 
such that X induces a subarena of G (i.e., every position in X has a successor 
in X). The attractor of Player ø of Y in X is the set Attrž (Y) of those 
positions v € X from which Player ø has a strategy in G to force the play 
into Y. More formally Attr’ (Y) = U„ Z% where 


Z? = XAY, 
ZH = Z*U {v E VAX  vEAZ® x Oh U we Vio NX:vEC Z°}, 


D= U Z% for limit ordinals À. 
a<r 


On Attr*(Y), Player ø has a positional attractor strategy to bring the 
play into Y. Moreover X \ Attra (Y) is again a subarena. 


Theorem 3.4. Let G = (V, Vo, V1, E, Q) be game with Streett-Rabin win- 
ning condition (Fo, F1). Then G is determined, i.e. V = Wo U W1, with a 
finite memory winning strategy of Player 0 on Wo, and a positional winning 
strategy of Player 1 on W1. The size of the memory required by the winning 
strategy for Player 0 is bounded by the number of leaves of the Zielonka 
tree for (Fo, F1). 


Proof. We proceed by induction on the number of priorities in C or, equiv- 
alently, the depth of the Zielonka tree Z(Fo, F1). Let 4 be number of leaves 
of Z(Fo, Fi). We distinguish two cases. 
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First, we assume that C € F,. Let 


Xo := {v : Player 0 has a winning strategy 


with memory of size < @ from v}, 


and X; = V \ Xo. It suffices to prove that Player 1 has a positional winning 
strategy on X,. To construct this strategy, we combine three positional 
strategies of Player 1, a trap strategy, an attractor strategy, and a winning 
strategy on a subgame with fewer priorities. 

We observe that X; is a trap for Player 0; this means that Player 1 has 
a positional trap-strategy t on X; to enforce that the play stays within Xj. 

Since Fo is closed under union, there is a unique maximal subset C’ C C 
with C’ € Fy. Let Y := Xı N QIC \ C’) and let Z = Attr*(V) \ Y. 
Observe that Player 1 has a positional attractor strategy a, by which he 
forces from any position z € Z that the play reaches Y. 

Finally, let V’ = X, \ (Y U Z) and let G’ be the subgame of G induced 
by V’, with winning condition (Fo N P(C"), Fi N P(C"')). Since this game 
has fewer priorities, the induction hypothesis applies, i.e. V’ = W% U Wi, 
Player 0 has a winning strategy with memory < £ on W§ and Player 1 has 
a positional winning strategy g’ on W]. However, Wj = Ø; otherwise we 
could combine the strategies of Player 0 to obtain a winning strategy with 
memory < l on Xo UW) 2 Xo contradicting the definition of Xo. Hence 
Wi =V". 

We can now define a positional strategy g for Player 1 on Xı by 


Consider any play m that starts at a position v € X, and is consistent 
with g. Obviously m stays within X,. If it hits Y U Z only finitely often, 
then from some point onward, it stays within V and coincides with a play 
consistent with g’. It is therefore won by Player 1. Otherwise 7m hits Y U Z, 
and hence also Y, infinitely often. Thus, Inf(r)N(C\ C”) 4 Ø and therefore 
Inf(r) € Fy. 


We now consider the second case, C € Fo. There exist maximal subsets 
Co,---;Cr-1 © C with Ci € Fı. Observe that for every set D C C, we 
have that if DN (C \ Ci)  @ for alli < k, then D € Fo. Let 


Xı := {v : Player 1 has a positional winning strategy from v}, 


and Xo = V \ Xi. We claim that Player 0 has a finite memory winning 
strategy of size < £ on Xo. To construct this strategy, we proceed in a 
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similar way as above, for each of the sets C \ C;. We will obtain strategies 
fo,---, fk-1 for Player 0, such that f; has finite memory M;, and we shall 
use these strategies to build a winning strategy f on Xo with memory 
Mo U-:-U Mp1. 

For i=0,...,k—1, let Y; = XpNQ71(C\ Ci) let Zi = Attr&? (Y;) \ Yi, 
and let a; be a positional attractor strategy, by which Player 0 can force 
a play from any position in Z; to Y;. Further, let U; = Xo \ (Yi U Zi) 
and let G; be the subgame of G induced by U;, with winning condition 
(Fo N P(C;i), Fı P(C;)). The winning region of Player 1 in G; is empty; 
indeed, if Player 1 could win G; from v, then, by induction hypothesis, he 
could win with a positional winning strategy. By combining this strategy 
with the positional winning strategy of Player 1 on Xj, this would imply 
that v € Xi; but v € U; € V\ 1. 

Hence, by induction hypothesis, Player 0 has a winning strategy f; with 
finite memory M; on U;. Let (fi + ai) be the combination of f; with the 
attractor strategy a;. From any position v € U; U Z; this strategy ensures 
that the play either remains inside U; and is winning for Player 1, or it 
eventually reaches a position in Yj. 

We now combine the finite-memory strategies (fo+ao),..-,(fr—1+@r-1) 
to a winning strategy f on Xo, which ensures that either the play ultimately 
remains within one of the regions U; and coincides with a play according to 
fi, or that it cycles infinitely often through all the regions Yo,..., Yx_1. 

At positions in ();-, Yi, Player 0 just plays with a (positional) trap 
strategy ensuring that the play remains in Xo. At the first position v ¢ 
Nic Yi, Player 0 takes the minimal i such that v ¢ Yj, ie. v € Ui U Zi, 
and uses the strategy (fi + a;) until a position in w € Y; is reached. At 
this point, Player 0 switches from i to j = i + @ (mod k) for the minimal 
£ such that w ¢ Y;. Hence w € U; U Zj; Player 0 now plays with strategy 
(f; + a;) until a position in Y; is reached. There Player 0 again switches to 
the appropriate next strategy, and so on. 

Assuming that M;N M; = Ø for i Æ j it is not difficult to see that f can 
be implemented with memory M = My U---U Mz_1. We leave a formal 
definition of f to the reader. 

It remains to prove that f is winning on Xo. Let m be a play that starts 
in Xo and is consistent with f. If m eventually remains inside some U; 
then it coincides, from some point onwards, with a play that is consistent 
with fi, and therefore won by Player 0. Otherwise it hits each of the sets 
Yo,.--, Ys—1 infinitely often. But this means that Inf(7)N(C \ Ci) 4 Ø for 
all i < k; as observed above this implies that Inf(a) € Fo. 

Note that, by the induction hypothesis, the size of the memory M; is 
bounded by the number of leaves of the Zielonka subtrees Z(FpNP(C;), Fin 
P(C;). Consequently the size of M is bounded by the number of leaves 
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of Z(Fo, Fi). Q.E.D. 


Of course it also follows from this Theorem that parity games are posi- 
tionally determined. 


3.2 Latest appearance records and reductions for Muller games 


The classical example of a game reduction with finite memory is the re- 
duction of Muller games to parity games via latest appearance records. 
Intuitively, a latest appearance record (LAR) is a list of priorities ordered 
by their latest occurrence. More formally, for a finite set C of priorities, 
LAR(C) is the set of sequences ¢1...chUCK41...ce of elements from C'U {h} 
in which each priority c € C occurs at most once, and 4 occurs precisely 
once. At a position v, the LAR c1 .. . CkhCk+1 - - . Ce is updated by moving the 
priority Q(v) to the end, and moving h to the previous position of Q(v) in the 
sequence. For instance, at a position with priority co, the LAR c1c2c3hc41cs5 
is updated to cıbc3c4cs5c2. (If Q(v) did not occur in the LAR, we simply 
append Q(v) at the end.) Thus, the LAR-memory for an arena with priority 
labeling Q : V — C is the triple (LAR(C), init, update) with init(v) = hQ (v) 
and 
update(cy ... cKCh41---Ce,V) = C1... CeCe gi. CeQ(v) 


in case Q(v) € {c1...ce}, and 


update(ci ...cKOCk41---Ce,V) = C1... Cm—10Cm41-+-CeCm 


if Q(v) = cm. 

The hit-set of a LAR c1...cgocr41-..ce¢ is the set {cp41...ce} of pri- 
orities occuring after the symbol h. Note that if in a play 7 = vovi..., 
the LAR at position vn is cy... crice41--.ce then Q(vn) = ce and the hit- 
set {ck+1 - . - Ce} is the set of priorities that have been seen since the latest 
previous occurrence of cy in the play. 


Lemma 3.5. Let m be a play of a Muller game G, and let Inf(7) be the set 
of priorities occurring infinitely often in m. On m the hit-set of the latest 
appearance record is, from some point onwards, always a subset of Inf(z) 
and infinitely often coincides with Inf(z). 


Proof. For each play 7 = vpv1 v2... there is a position Vm such that Q(v,) € 
Inf(z) for all n > m. Since no priority outside Inf(7) is seen anymore after 
position Vm, the hit-set will from that point onwards always be contained in 
Inf(7), and the LAR will always have the form c3 . . . Cj—1Cj - - - Ck]Ck+1 - - - Ce 
where c1,...Cj—1 remain fixed and {cj,..., Ck, Ck+1,--- Ce} = Inf(7). Since 
all priorities in Inf(7) are seen again and again, it happens infinitely often 
that, among these, the one occuring leftmost in the LAR is hit. At such 
positions, the LAR is updated to c1,...,c¢j—-19cj41...cecy and the hit-set 
then coincides with Inf(z). Q.E.D. 
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Theorem 3.6. Every Muller game with finitely many priorities reduces via 
LAR memory to a parity game. 


Proof. Let G be a Muller game with game graph G, priority labelling Q : 
V — C and winning condition (Fo, F1). We have to prove that G <LAR 9’ 
for a parity game G’ with game graph G x LAR(C) and an appropriate 
priority labeling Q’ on V x LAR(C) which is defined as follows. 


2k if {Ck+1 Dig ce} E Fo 
1 A ’ 3 ’ 
Q’ (V, C1C2 . . . CkhCk+1 - -< Ce) = { BPA GN T Fc 


Let 7 = vov v2... be a play on G and fix a number m such that, 
for all numbers n > m and Q(vn) € Inf(7), the LAR at position vn has 
the form c,...¢;¢j41-..CebCh41...ce where Inf(7) = {cj;41,...ce} and the 
prefix cı ...cj remains fixed. In the extended play a’ = (voro)(v1, r1)... 
all nodes (Un, rn) for n > will therefore have a priority 2k + p with k > 7 
and p € {0,1}. Assume that the play m is won by Player ø, i.e., Inf(a) € 
Fs. Since infinitely often the hit-set of the LAR coincides with Inf(z), the 
minimal priority seen infinitely often on the extended play is 2j + øo. Thus 
the extended play in the parity game G’ is won by the same player as the 
original play in the Muller game G. Q.E.D. 


4 Games with infinitely many priorities 


The definition of Muller games (Definition 3.1) directly generalises to count- 
able sets C of priorities!. However, a representation of a Muller condition 
by a Zielonka tree is not always possible, since we may have sets D € F, 
that have subsets in F,;_, but no maximal ones. Further, it turns out that 
the condition that Fo and Fı are both closed under finite unions is no longer 
sufficient for positional determinacy. To see this let us discuss the possible 
generalisations of parity games to the case of priority assigments Q : V > w. 
For parity games with finitely many priorities it is of course purely a mat- 
ter of taste whether we let the winner be determined by the least priority 
seen infinitely often or by the greatest one. Here this is no longer the case. 
Based on priority assignments Q : V — w we consider the following classes 
of games. 


Infinity games are games where Player 0 wins those infinite plays in which 
no priority at all appears infinitely often, i.e. 
Fo = {Ø}, 
Fı = P(w) \ {Ø}. 


1 With minor modifications, it can also be generalised to uncountable sets C. See 
[Gro Was 06] for a discussion of this. 
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Parity games are games where Player 0 wins the plays in which the least 
priority seen infinitely often is even, or where no priority appears 
infinitely often. Thus, 


Fo = {X Cw: min(X) is even} U {Ø}, 
Fı = {X Cw: min(X) is odd}. 


Max-parity games are games where Player 0 wins if the maximal priority 
occurring infinitely often is even, or does not exist, i.e. 


Fo ={X Cw: if X is finite and non-empty, then max(X) is even}, 
Fı = {X Cw: X is finite, non-empty, and max(X) is odd}. 


It is easy to see that infinity games are a special case of parity games (via 
a simple reassignment of priorities). Further we note that for both parity 
games and max-parity games, Fo and Fı are closed under finite unions. 
Nevertheless the conditions behave quite differently. The parity condition 
has a very simple Zielonka tree, namely just a Zielonka path 


w —> w\{0} — w\ {0,1} — w\{0,1,2} — --- 


whereas there is no Zielonka tree for the max-parity condition since w € Fo 
has no maximal subset in F, (and F; is not closed under unions of chains). 
This is in fact related to a much more important difference concerning the 
memory needed for winning strategies. 


Proposition 4.1. Max-parity games with infinitely many priorities in gen- 
eral do not admit finite memory winning strategies. 


Proof. Consider the max-parity game with positions Vọ = {0} and Vı = 
{2n +1: n € N} (where the name of a position is also its priority), such 
that Player 0 can move from 0 to any position 2n+1 and Player 1 can move 
back from 2n + 1 to 0. Clearly Player 0 has a winning strategy from each 
position but no winning stategy with finite memory. Q.E.D. 


On the other hand it has been shown in [GroWas506] that infinity games 
and parity games with priorities in w do admit positional winning strategies 
for both players on all game graphs. In fact, parity games over w turn out 
to be the only Muller games with this property. 


Theorem 4.2 (Gradel, Walukiewicz). Let (Fo, F1) be a Muller winning 
condition over a countable set C of priorities. Then the following are equiv- 
alent. 
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(i) Every game with winning condition (Fo, F1) is positionally deter- 
mined. 


(ii) Both Fo and F, are closed under finite unions, unions of chains, and 
non-empty intersections of chains. 


(iii) The Zielonka tree of (Fo, F1) exists, and is a path of co-finite sets (and 
possibly the empty set at the end). 


(iv) (Fo, F1) reduces to a parity condition over n < w priorities. 


5 Finite Appearance Records 


Although over an infinite set of priorities one can easily define Muller games 
that do not admit finite memory strategies, these games are often solvable 
by strategies with very simple infinite memory structures. For instance, for 
the max-parity game described in the proof of Proposition 4.1, it suffices 
for Player 0 to store the maximal priority seen so far, in order to determine 
the next move in her winning strategy. One can readily come up with other 
games where the memory required by a winning strategies is essentially a 
finite collection of previously seen priorities. 

This motivates the definition of an infinite memory structure that we 
call finite appearance records (FAR) which generalises the LAR-memory for 
finitely coloured games. In a FAR we store tuples of previously encountered 
priorities or some other symbols from a finite set. Additionally the update 
function in the appearance record is restricted, so that new values of the 
memory can be equal only to the values stored before or to the currently 
seen priority. 


Definition 5.1. A d-dimensional FAR-memory for a game G with priorities 
in C is a memory structure (M, update, init) for G with M = (CU N)? for 
some finite set N such that whenever 


update(mi,...,ma,v) = (mj,...,m4) 


then m; € {m,,...,mMa}UNU {Q(v)}. 


Note that an LAR-memory over a finite set C is a special case of an FAR- 
memory, with d= |C|+1 and N = {h, B}, where B is a blank symbol used 
to pad latest appearance records in which some priorities are missing. Here 
the dimension of the FAR depends on the size of C. Hence, the question 
arises whether there is a fixed dimension d and a fixed additional set N 
such that every finitely coloured Muller game reduces to a parity game via 
d-dimensional FAR-memory. From Theorem 1.1 it follows that his is not 
the case. Indeed, since n! grows faster than nf for any constant d, we infer 


What Kind of Memory is Needed to Win Infinitary Muller Games? 103 


that for any dimension d there is a Muller game Ga that can not be reduced 
to a parity game via d-dimensional FAR-memory. 
From this we obtain the following conclusion. 


Proposition 5.2. There exists an infinitely coloured Muller game G that 
does not reduce to a parity game with any FAR-memory. 


Proof. Take G to be the disjoint sum of the games Ga, assuming that all these 
games have disjoint sets of priorities. Suppose that G reduces to a parity 
game via some FAR-memory of dimension d. Since game extensions preserve 
connectivity it follows that the extension of the connected component Gq of 
G will also be a parity game. But this contradicts the fact that Ga does not 
reduce to a parity game via d-dimensional FAR-memory. Q.E.D. 


6 FAR-reductions for Muller games 


In this section we consider some cases of Muller games with priorities in w 
that admit FAR-reductions to positionally determined games. 

To illustrate the idea consider any downwards cone Fo = {X : X C A} 
for a fixed set A Cw. Again it is easy to see that such games may require 
infinite-memory strategies. To reduce such a game to a parity game G’ it 
suffices to store the maximal priority m seen so far, and to define priorities 
in G’ by 

Q'(v,m) = 


2m+2 if AW)EA, 
2Q(v) +1 otherwise. 


If Inf(z) C A then Player 0 wins 7’ since no odd priority is seen infinitely 
often in 7’. If there is some a € Inf(7)\ A, then 2a+1 occurs infinitely often 
in 7’, and since a < m from some point onwards, no smaller even priority 
can have this property, so Player 1 wins m’. 

Hence any Muller game such that Fo (or Fı) is a downwards cone is 
determined via one-dimensional FAR-memory. 


6.1 Visiting sequences and singleton Muller conditions 


Our next example for winning conditions that are amenable for an ap- 
proach via FAR-reductions are Muller games where the winning condition 
of Player 0 is a singleton, i.e., Fo = {A}, Fi = P(w) \ {A}. 

We first observe that such games may require infinite memory. 


Theorem 6.1. For any A # Ø, there exists a (solitaire) Muller game with 
Fo = {A} whose winning strategies all require infinite memory. 


Proof. If A = {a1,a2,...} is infinite, take the game with set of positions 
V = Vo = A (where the name of a position indicates also its priority), and 
moves (@1,@,,) and (an, a1) for all n > 2. If A = {aj,...,a,} is finite, let 
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w\ A = {bi, bo,...} we consider instead the game with V = Vo = AU(w\ A), 
and set of moves 


E={(aj,ai41):1 <i < n}u{(an,b) 2b € (w\ A}UL(b, a1) :b E (w\ A). 
In both cases, Player 0 wins, but requires infinite memory to do so. Q.E.D. 


We will prove that singleton Muller games can be reduced via FAR- 
memory to parity games with priorities in w which, as shown in [Gro Was 06], 
are positionally determined. The FAR-memory that we use for this reduc- 
tion is based on a particular order in which the elements of the winning sets 
have to be seen infinitely often, which is specified by a visiting sequence. 


Definition 6.2. Let A = {a1 < a2 < ...} be an infinite subset of w. 
For each n € w, let plan) := a1a2...an be the prefix of an. The visiting 
sequence of A is the concatenation of the prefixes of all elements of A 


visit(A) = p(a1)p(a2)p(a3) ... 
For a finite set {a1 < a2 < --- < an} Cw we define visit(A) = p(an)”. 
Let G be a Muller game over w. 


Lemma 6.3. For any play 7 = v1v2... of G the set Inf(z) is the unique 
set A with the following two properties: 


(1) There is a sequence of indices i; < ig < ... such that Q(v;,)Q(u,)... 
forms the visiting sequence of A. 


(2) If Q(u,) E€ w\ A then there is only a finite number of indices i > k such 
that Q(u;) € {0,..., (vn) } Mw \ A. 


Proof. First we notice that A = Inf(7) indeed fulfils these two properties. 
The visiting sequence can be chosen from the play as all elements of Inf(z) 
appear infinitely often. Since all elements of w \ Inf(7) occur only finitely 
often in the play, the second property must also hold. 

Conversely, if a set A satisfies property (1), then all elements of A appear 
infinitely often in 7, so A C Inf(z). If there were an element a € Inf(z) \ A, 
then for any k with Q(v;,) = a, there were infinitely many indices i > k, with 
Q(v;) = a which contradicts property (2). Thus if A satisfies properties (1) 
and (2), then A = Inf(z). Q.E.D. 


Let A C w be infinite. Any initial segment of the visiting sequence of A 
can be written in the form p(a1)p(a2)...p(a;)aia2...a; where 1 < j <i+1. 
It can be represented by a pair (p,c) where c = a, indicates the position 
of the last letter in the current prefix p(aji1), and p = a; indicates the 
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last previously completed prefix (or € if we are at the first element). For 
instance, the initial segment a 1 a1 a2 a1 a2a3 41a2a3 of the visiting sequence 
of A is encoded by (a3,a3), the initial segment a; is encoded by (e, a1), 
and the empty initial segment by (¢€,¢). We write visit,,(A) for the initial 
segment of length A of visit(A). 

Given a (finite or infinite) winning set A, we want to use a three- 
dimensional FAR-memory to check whether Inf(7) = A. For infinite A, 
the memory state after an initial segment of a play is a triple (p, c, q) where 
(p,c) encode the initial segment of the visiting sequence of A that has been 
seen so far, and q is the maximal priority that has occurred. 


Definition 6.4. For any infinite set A C w, we define a three-dimensional 
FAR-memory FAR(A) = (M, init, update) with M = {(p,c,q) : p,c E wU 
{e},q E€ w}. The initialisation function is defined by 


es) OO) Ty aE) aes 
(c,e,Q(v)) if Mv) Fan. 


The update function is defined by 
update(p, c, q, v) = (p',¢,q’), 


where q! = max(q,Q(v)), and where either (p,c) and respectively (p’,c’) 
encode, for some n, the initial segments visit,,(A) and visit,41(A) of the 
visiting sequence of A such that visit,+1(A) = visit,(A)Q(v), or otherwise, 
(p',c') = (p, c). 

For a more formal description, let 


2 if, for some i, p = ai, € = ai41, O(v) = a1, 


up(p,¢,v) = 41 if, for some j < i, p= ai, € = aj, Q(v) = aj+1, 
0 otherwise 


(where, to simplify notation, we identify £ with aj). Note that up(p, c, v) = 2 
if, at node v, the visiting sequence is updated with an aj (i.e. a prefix p(a;) 
has been completed and a new one is started), that up(p,c,v) = 1 if the 
visiting sequence is updated by another value, and that up(p,c,v) = 0 
if no update of the visiting sequence happens at v. Then we can define 
update(p, c, q, v) := (p', c, q') by 

(c,Q(v)) if up(p,c,v) = 2, 
(x) if up(p,c,v) =1, 
(p, c) if up(p, c, v) = 0, 


Q 
(p',c’) Q 


I 
S 
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For finite A = {a1 < a2 <--- < an} this has to be modified since once 
cannot really encode the part of the visiting sequence that one has seen with 
priorities in A. In this case the value (p, c, q) is so that c is the last element 
of the visiting sequence, q is the maximal priority that has occurred so far, 
and p is the maximal priority that had occured up to the last time when, 
in the visiting sequence of A, a prefix p(an) had been completed and c had 
been updated from an to a1. Thus we set 


2 ifc=a,,Q(v) =a, 
up(p,c,v) = 4 1 if, for some i < n, c = aj, OQ(v) = ait, 


0 otherwise, 


and update(p, c, q, v) := (p',c',q') with 


(q,Q(v)) if up(p,c¢, v) = 2. 
(Pc) = 4(p,Q(v)) if up(p,¢,v) = 1, 
(p, ¢) if up(p, c, v) = 0, 

q = max(g,Q(v)). 


Theorem 6.5. Any singleton Muller game with Fo = {A} can be reduced, 
via memory FAR(A), to a parity game. 


Proof. The given Muller game G with arena (G,Q) and Muller condition 
such that Fo = {A} is reduced via memory FAR(A) to a parity game g’ 
with priority function 2’: V x FAR(A) — w defined as follows: 


2p+2 if Q(v) € A, up(p, c, v) € {1,2}, 
Q'(v,p,c,q) = < 2p+3 if Q(v) € A, up(p, c, v) = 0, 
min(2p + 3,2Q(v) +1) if Q(v) gA. 


We have to prove that any play 7 = voviv2... of G is won by the same 
player as the extended play 


T = (vo, Po, Co, qo) (V1, P1, C1, q1 )(V2, P2, C2, q2) see 


of G’. 

We first assume that Inf(a7) = A and prove that either no priority at all 
occurs infinitely often in 7’ or the minimal such is even. If A is infinite, 
then the sequence of the values p, diverges and therefore no priority will 
be seen infinitely often in 7’. If A is finite then it may be the case that 
the sequence (pr)new converges, i.e., Pn = p from some point onwards. But 
since the visiting sequence will be updated again and again this means that 
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infinitely often the priority 2p + 2 occurs in 7’, and the only other priority 
that may occur infinitely often is 2p + 3. Hence Player 0 wins 7’. 

For the converse, we assume that Player 1 wins 7. We distinguish several 
cases. If there exist some a € A \ Inf(z) then from some point onwards, 
the visiting sequence cannot be updated anymore, so the sequence (pn) new 
stabilises at some value p. Then the minimal priority seen infinitely often is 
either 2p + 3, or 2Q(v) + 1 for some Q(v) € w \ A and Player 1 also wins 7’. 
If no such element a exists, then A Ç Inf(z) and there is a minimal element 
b € Inf(z) \ A. If the sequence (pn)new diverges (which is always the case 
for infinite winning sets A) then the minimal priority seen infinitely often 
in 7’ is 2b+ 1. If A is finite then the sequence pn may stabilise at some 
value p which coincides with the largest priority ever occurring in 7. Hence 
b < p and therefore 2b+ 1 < 2p + 2, so the minimal priority seen infinitely 
often in 7’ is 2b + 1. Again Player 1 wins the associated play in the parity 
game. Q.E.D. 


Corollary 6.6. Singleton Muller games are determined with FAR memory. 


6.2 Finite unions of upwards cones 


Visiting sequences can also be used for the case where Fo is a finite union 
of upwards cones, i.e. 


k 
Fo=|J{X: Ai CX Cu} 
i=1 
for some finite collection of sets A,,..., Ax. 


The FAR-memory stores the pairs (p;, ci) encoding the visiting sequences 
of Aj,...,A,. All that has to checked is whether A; C Inf(z) for some i, 
which is the case if, and only if, one of the visiting sequences is updated 
infinitely often. Thus we can define priorities by 


0 if up(pi, ci, v) = 2 for some i, 


Q’ (v, p1, C1,- -, Pk, Ck) = 
(Opie Pk, Ck) f otherwise. 


Theorem 6.7. Any Muller game such that F, is a finite union of upwards 
cones is determined via FAR-memory. 


6.3 Muller conditions with finitely many winning sets 


We now consider the case of Muller games whose winning conditions are 
defined by a finite collection of (possibly infinite) sets, Fo = {A1,..., Ak}. 
To extend the idea presented above to this case we are going to use the 
memory FAR(A;) for each set A; and additionally we have to remember 
when the set A; is active, as is described below. The property of being 
active is stored in a value a; € {0,1,2}. 
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Definition 6.8. For any finite collection {A1,..., Ax} of sets A; C w, we 
define a 4k-dimensional FAR-memory FAR(Aj,..., Ax) = (M, init, update). 
We denote the FAR-memory of A; by FAR(A;) = (Mi, init;, update,). Then 
M = Mı x M x ... x Mp x {0,1,2}*. The initialisation function is defined 
by 

init(v) = (initi(v),..., init, (v), 0). 


The update function is defined by 


update(m1,..., Mk, @1,---, Ak, U) 


= (update; (mı, v), ..., update, (mz, v), a1,- -<3 0%); 
where a; is the new activation value for sequence i defined by 


0 if v ¢ Aj and for some j < k up;(mj,v) > 0, 
a, = $ min(2,a;+1) if up;(m;, v) = 2, 


aj otherwise. 


Theorem 6.9. Any Muller game with Fo = {Ai,..., Ax} can be reduced, 
via memory FAR(Aj,..., Ax), to a parity game. 


Proof. The given Muller game G with arena (G,Q) and Muller condition 
such that Fo = {Ai,...,Ax} is reduced to a parity game G’ with priority 
function Q’ defined as follows: 


MaX4; : Q(v)EA,Aai=2}(2kpi + 275 +2) if j exists such that 

Q(v) € Aj,a; = 2, 

up;(mj, v) € {1, 2}, 

j= MAX{; ; Q(wjeAinai=2}(2kpi + 2r; +3) if j exists such that 
Q(v) € Aj, a; = 2; 

up;(mj,v) = 0 for 


all such j, 
min(2k max(pı ... pk) +3,2Q(v) +1) otherwise, 


where p; is the first component of the i-th memory m; = (pi, ci, qi) and for 
each A; € Fo we have r; = |{A; € Fo : Ai C Az}. 


We have to prove that any play 7 = voviv2... of G is won by the same 
player as the extended play 


/ 
T = (vo, ™10,-- <, Mko, Q10, - < - ako) (V1, M11,- -+,Mk1,411,-- .Ok1) EEEO 


For a given play m of G, we divide the sets Aı,..., Ax € Fo into three 
classes. 
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The good: A; is a good set if A; is active (i.e., a; = 2) only finitely often 
in 7. 


The bad: A; is a bad set, if A; C Inf(7) and A; is not a good set. 


The ugly: A; is an ugly set if there is a priority c € A; \ Inf(a) and A; is 
not a good set. 


Lemma 6.10. If A; is bad and A; is ugly, then A; C Aj. 


Proof. Assume that there is a b € A; \ Aj. Since A; C Inf(z) the visiting 
sequence for A; is updated infinitely often, hence infinitely often with b, and 
whenever this happens then a; is reset to 0. By definition there is a c € A; 
that is seen only finitely many times in 7. Therefore a; = 0 from some point 
onwards. But this contradicts the assumption that A; is not good. Q.E.D. 


We first assume that Inf(a) = A; and prove that either no priority at all 
occurs infinitely often in x’ or the minimal such priority is even. 

Since from some point on there is no priority d ¢ A; that occurs infinitely 
often, then for all sets A; that are not subsets of A; the visiting sequence 
will not be updated any more, and so the sequence (pjn)new stabilises at 
some value p;. Since the visiting sequence of A; is updated infinitely often, 
we get that from some point on a; = 2. Hence A; is a bad set. We can now 
argue as in the proof of Theorem 6.5: if infinitely many priorities appear in 
a, then the sequence (pin)new diverges and no priority at all will be seen 
infinitely often in 7’. It remains to consider the case where only finitely 
many priorities occur in 7. Then the sequence (pin)new stabilises at some 
value p, which is the maximal priority appearing in 7. For any A; ¢ Aj, the 
sequence (Pjn)new Will then also stabilise at the same value p, and rj > rj. 
It follows that some priority of form 2kp + 2re + 2 occurs infinitely often in 
mw’, where re > ri. 

Suppose now that some smaller odd priority occurs infinitely often in 
n’. Then it would have to be of the form 2kp + 2r; +3 with r; < re such 
that a; = 2 infinitely often. However, only finitely many priorities appear 
in m. Hence if there are infinitely many positions v such that Q(v) € A; 
and a; = 2, then from some point onwards all these positions v satisfy that 
Q(v) € Aj N A; and a; = 2. On infinitely many such positions an update 
happens, and therefore, also the priority 2kp + 2r; + 2 appears infinitely 
often. Hence Player 0 wins 7’. 


For the converse, we now assume that Player 1 wins r. 


Lemma 6.11. Suppose that some even priority 2kq+2r-+2 is seen infinitely 
often in 7’. Then q is the maximal priority that occurs in m and r = rọ for 
some bad set Ag. 
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Proof. If there are infinitely many occurrences of 2kq+ 2r+2 in x’, then q 
is the maximal priority that occurs in 7 and some A; is updated infinitely 
often (i.e. A; C Inf(7)) and active infinitely often. Obviously A; is bad and 
r>r;. Ifr Æ r for all bad set Ag, then r = rj for some other A; that is 
active infinitely often. Thus A; has to be ugly. But then by Lemma 6.10 
A; C Aj and thus r; > r; =r. But r > r;. Q.E.D. 


Let r = min{re : Ay is bad}. To show that Player 1 wins 7’ it suffices to 
prove that there is an odd priority occurring infinitely often in m’ which, in 
case there exists a bound q on all priorities appearing in 7, is smaller than 
2kq + 2r +2. 

Notice that for any ugly set A;, the sequence (pin)new stabilises at some 
value p;. Let p = max{p; : A; is ugly}. 

We distinguish two cases. First we assume that there exists some priority 


b € Inf(m) \ LJ{ Ai : A; is bad}. 


Fix no such that, for all n > no, Pin = pi for all ugly sets A; and ain 4 2 
for all good sets A;. Since b € Inf(z) there exist infinitely many vn with 
n > no and Q(v,) = b. For such v, we have 0’ (Un, Mn, @n) = 2kp + 2r; +3 
if there is a set A; (which has to be ugly) such that b € A; and a; = 2. 

Otherwise Q’ (vn, Mn, an) is odd and < 2b + 1. Since A; is ugly and A, 
is bad it follows that Ay C A;. Thus, r; < r. Further p < q. It follows that 
there exists some odd priority s < max(2kp + 2r; +3,2b4+ 1) < 2kq+r +2 
that appears in 7’ infinitely often. 


Now we consider the other case: every b € Inf(z) is contained in some 
bad set Aji). Let A1,..., Ae be the bad sets. Without loss of generality, we 
assume that A; is a maximal bad set, i.e., A; Z A; for i = 2,...,@. Since 
A, is a strict subset of Inf(7), we can fix a priority d € Inf(7) \ Ai; since 
any priority d € Inf() is contained in some bad set, we can assume that 
d € Ag. Further, by the maximality of A,, we can fix priorities e2,...,e¢ 
where e; € A, \ Aj. 


We consider a suffix of 7 that starts at a position where 


e all sequences (pin)new that stabilise at some value p; have already 
reached that value; 


e all good sets A; have become inactive for good (i.e. a; 4 2), 


e in the visiting sequence for A, the prefixes p(e1),...p(ec) have already 
been completed. 


Note that A, is updated infinitely often, and between any two consec- 
utive points in this suffix at which up, = 2 all priorities e2,...,e¢ are seen 
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at least once. Since the priority d appears infinitely often in m and Ag is 
updated infinitely often, we are going to see infinitely many points Vno in 
the considered suffix of m for which Q(vn,) = d and a, = 0 (since a; is reset 
with an update of A2). Since aı increases to 2 infinitely often, there are 
infinitely many tuples no < nı < nz such that a, = 7 at all positions Un 
with n; < n < ni4i and ay = 2 at Un. 

By definition up, = 2 at vn, and vn, and there cannot be any updates 
on priority d between vp, and Un,, as then a; would be reset to 0. By 
our choice of the considered suffix of 7, there are updates on all e2,..., eg 
between vp, and Vno. Therefore, for any bad set A; that contains d, we have 
that a; < 2 between position Vn, and the first position vn with O(un) = d 
that comes after vna. This is the case because between vn, and vp, the value 
a; was reset to 0 by the update of the visiting sequence for A; by priority 
ej, and since then it has not increased by more than 1 since there was no 
update on priority d. 

Let us now consider the new priority at Un. Since all bad sets A; 
containing d are inactive, we have the same situation as in the first case: 
Q (Un, Mn, On) = 2kp + 2r; + 3 if there is a set A; (which has to be ugly) 
such that d € A; and a; = 2. Otherwise Q’ (vn, Mn, Gn) is odd and < 2d+1. 
Since A; is ugly and Ay is bad it follows that Ag C A; and thus r; < re =r. 
Further p < q. 

There are infinitely many such positions vn. Thus there must exist some 
odd priority s < max(2kp + 2r; + 3,2d + 1) < 2kq +r + 2 that appears in 
n’ infinitely often. Q.E.D. 


Of course, the same arguments apply to the case where F; is finite. 


Corollary 6.12. Let (Fo, F1) be a Muller winning condition such that ei- 
ther Fo or F; is finite. Then every Muller game with this winning condition 
is determined via FAR memory. 


6.4 Max parity games with bounded moves 


We say that an arena (G, Q) has bounded moves if there is a natural number 
d such that |Q(v) — Q(w)| < d for all edges (v, w) of G. 

We have shown in Proposition 4.1 that, in general, winning strategies 
for max-parity games require infinite memory, but we do not know whether 
max-parity games are determined via FAR-memory. 

For max-parity games with bounded moves, it is still the case that win- 
ning strategies may require infinite memory, but now we can prove deter- 
minacy via FAR-memory. 


Proposition 6.13. There exist max-parity games with bounded moves 
whose winning strategies require infinite memory. 
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Proof. Consider a (solitaire) max-parity game with a single node vo of pri- 
ority 0 from which Player 0 has, for every odd number 2n + 1, the option to 
go through a cycle Cn consisting of nodes with priorities 2,4,...,2n,2n + 
1,2n,2n — 2,...,4,2 and back to the node vo. All these cycles intersect 
only at vo. Clearly Player 0 has a winning strategy, namely to go succes- 
sively through cycles C1, C2,... with the result that there is no maximal 
priority occurring infinitely often. However, if Player 0 moves according to 
a finite-memory strategy then only finitely many cycles will be visited and 
there is a maximal n such that the cycle Cn will be visited infinitely often. 
Thus the maximal priority seen infinitely often will be 2n + 1 and Player 0 
loses. Q.E.D. 


Lemma 6.14. Let 7 be a play of a max-parity game G with bounded moves 
such that infinitely many different priorities occur in m. Then max(Inf(7)) 
does not exist, so 7 is won by Player 0. 


Proof. Assume that moves of G are bounded by d and Inf(7) #4 Ø and 
let q be any priority occurring infinitely often on 7. Since infinitely many 
different priorities occur on 7 it must happen infinitely often that from a 
position with priority q the play eventually reaches a priority larger than 
q+ d. Since moves are bounded by d, this means that on the way the play 
has to go through at least one of the priorities q+ 1,...,q+d. Hence at least 
one of these priorities also occurs infinitely often, so g cannot be maximal 
in Inf(z). Q.E.D. 


Theorem 6.15. Every max-parity game with bounded moves can be re- 
duced via a one-dimensional FAR-memory to a parity game. Hence max- 
parity games are determined via strategies with one-dimensional FAR- 
memory. 


Proof. The FAR-memory simply stores the maximal priority m that has 
been seen so far. To reduce a max-parity game G with bounded moves, via 
this memory, to a parity game G’ we define the priorities of G’ by 


Q (v, m) = 2m — Q(v). 


Let m be a play of G and let 7’ be the extended play in G’. We distinguish 
two cases. First, we assume that on m the sequence of values for m is 
unbounded. This means that infinitely many different priorities occur on 7, 
so by Lemma 6.14, Player 0 wins 7. But since m < 9’(v,m) and m never 
stabilises there is no priority that occurs infinitely often on 7, so 7’ is also 
won by Player 0. 

In the second case there exists a suffix of 7 on which m remains fixed 
on the maximal priority of m. In that case Inf(z) is a non-empty subset 
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of {0,...,m} and Inf(z’) is a non-empty subset of {m,...,2m}. Further, 
Q/(v,m) is even if, and only if Q(v) is even, and 0’(v1,m) < Q'(v2,m) 
if, and only if, Q(v1) > Q(v2). Thus, min(Inf(z’)) is even if, and only if, 
max(Inf(7)) is even. Hence r is won by the same Player as m’. Q.E.D. 


7 Conclusion 


We have introduced a new memory structure for strategies in infinite games, 
called FAR-memory, which is appropriate for games with infinitely many pri- 
orities and which generalises the LAR-memory for finitary Muller games. 
We have shown that there are a number of infinitary Muller winning con- 
ditions with the following two properties. 


(1) There exist Muller games with these winning conditions all whose win- 
ning strategies require infinite memory. 


(2) All Muller games with such winning conditions can be reduced via FAR- 
memory to parity games. Therefore all these games are determined via 
FAR-memory. 


The class of these Muller conditions includes: (1) downward cones, (2) 
singleton conditions, (3) finite unions of upwards cones, and (4)winning 
conditions with finitely many winning sets. 

Further we have shown that the same property holds for max-parity 
games with bounded moves. It is open whether arbitrary max-parity games 
are determined via FAR-memory. It would also be desirable to obtain a 
complete classification of the infinitary Muller conditions with this property. 
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Abstract 


We look for an intuitive reason why the Tarski-style semantics of log- 
ics of imperfect information (the author’s trump semantics) needs sets 
of assignments where Tarski’s semantics for standard logic uses single 
assignments. To find one, we generalise the semantics to a certain 
class of games. In this setting, sets of assignments arise naturally; 
under perfect information one can reduce from sets of assignments to 
single assignments by choice and gluing. Also truth values can be real 
numbers, and the number of players can be any natural number > 2; 
so bivalence and the dialogue between two players are not needed for 
trump-style semantics. 


1 The source of the question 


In 1961 Leon Henkin [He;61] extended first-order logic by adding partially 
ordered arrays of quantifiers. He proposed a semantics for sentences y that 
begin with quantifier arrays of this kind: ¢ is true in a structure A if and 
only if there are a sentence y* and a structure A* such that: 


e yt comes from ọ by removing each existential quantifier Jy in the 
partially ordered prefix, and replacing each occurrence of the variable 
y by a term F(Z) where g are the variables universally quantified 
‘before’ Jy in the quantifier prefix (so that the new function symbols 
F are Skolem function symbols), 


e A* comes from A by adding functions to interpret the Skolem function 
symbols in yt, and 


* My warm thanks to the organisers of ‘Interactive Logic: Games and Social Software’ 
for a very stimulating meeting, and for giving me the opportunity to present this paper; 
and to the organisers of the programme ‘Logic and Algorithms’ at the Isaac Newton 
Institute in Cambridge, where the paper was written up. Also I thank the referee for 
helpful suggestions towards improving the presentation. 


Johan van Benthem, Dov Gabbay, Benedikt Löwe (eds.). Interactive Logic. Proceedings of 
the 7th Augustus de Morgan Workshop, London. Texts in Logic and Games 1, Amsterdam 
University Press 2007, pp. 117-133. 
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e y* is true in AT. 
For example the sentence 


(Vax) (Ay) 
(Vz) (Sw) W(x, Y, z, w) (1.1) 


is true in A if and only if there are functions F4, G4 such that 


(A, F4, G^) = (vr) (vYzjy(x, F(x), z,G(z)) (1.2) 


where F, G stand for F4, G4 respectively. Jon Barwise commented seven- 
teen years later: 


...the meaning of a branching quantifier expression of logic like: 


Va — Jy 
7) 3 Fi P (1.3) 
mars > Wenzu) 


cannot be defined inductively in terms of simpler formulas, by ex- 
plaining away one quantifier at a time. Rather, the whole block 


Ve — dy 
i > (1.4) 


= aw 


Ww 


fi 


must be treated at once. [Ba678]" 


He offered a proof of what he called ‘a precise version of this claim’. Un- 
fortunately his proof proves much less than he said. It shows only that 
truth for Henkin’s sentences is not an inductive verifiability relation in the 
sense of Barwise and Moschovakis [BasMo:178]. The key point is that the 
inductive clauses can’t be first-order; but this is hardly surprising. 


2 Separating out the problems 


With hindsight we can see that there are at least three problems that stand 
in the way of giving an inductive definition of truth for sentences with 
partially ordered quantifier arrays. 

The first problem is that the definition needs to describe the effect of 
adding a single quantifier at the lefthand end of a formula. But for partially 
ordered quantifier arrays there may be several lefthand ends, and it makes 
a difference where we add the quantifier. The sentence (1.3) behaves quite 
differently from 


Vz == Va => ay 
Uy Zs (1.5) 
EET 


1 We use w in place of Barwise’s A to avoid a clash of notation, and also number the 
formulas. 
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I don’t know that anybody has thought seriously about this problem; it 
needs a subtler notion of substitution than we are used to in logic. But 
in any case Jaakko Hintikka showed how to sidestep it by using a notation 
that shakes Henkin’s formulas down into a linear form. The formula (1.1) 
above becomes 


(Var) (Sy) (V2/Sy) (Aw/Va)b(a, y, z, w) (1.6) 


in Hintikka’s notation. (Hintikka also introduced a dual notion of falsehood 
in terms of Skolem functions for the universal quantifiers. Thus the slash 
/Ay in (1.6) expresses that the function for z is independent of y.) This 
linear notation forms the syntax of the ‘Independence-Friendly’ IF logic of 
Hintikka and Sandu [Hi,Sa496]. Hintikka also pointed out that the Skolem 
functions can be regarded as strategies in a game between V and J; the 
resulting games form the game semantics for IF logic. 

The second problem is that a Skolem function for an existential quantifier 
is a function of the preceding universally quantified variables, but not of the 
preceding existentially quantified ones. But for example the formula 


(Aw/Vx)u0(a, y, z, w) (1.7) 


gives no indication whether the variables y and z are going to be universally 
or existentially quantified; so from the formula alone we don’t know what 
information can be fed into the Skolem functions for it. 

In [Ho,97a] I sidestepped this second problem by replacing the Skolem 
functions by general game strategies. Unlike a Skolem function, a strategy 
for a player can call on previous choices of either player. For games of 
perfect information this is a distinction without a difference; if player J 
has a winning strategy using the previous choices of both players, then 
player 3 has a winning strategy that depends only on the previous choices 
of player V. But for games of imperfect information, such as we have here, 
it makes a difference. I proposed marking the difference between Hintikka’s 
games and mine by dropping the quantifiers after the slashes, and writing 
for example (Vz/y) where Hintikka writes (Vz/dy). In what follows we refer 
to the logic with my notation and the general game semantics as slash logic. 
During recent years many writers in this area (but never Hintikka himself) 
have transferred the name ‘IF logic’ to slash logic, often without realising 
the difference. Until the terminology settles down, we have to beware of 
examples and proofs that don’t make clear which semantics they intend. 

Given a solution to the third problem (below), solving the second prob- 
lem for IF logic with the Skolem function semantics is tiresome but not 
difficult. The solution is to give several different interpretations for each 
formula, one for each guess about which free variables are going to be 
quantified existentially. As we add the quantifiers, we discard the wrong 


120 W. Hodges 


guesses—a bit like Cooper storage. Details are in [Ho,97b]. I believe a 
similar trick should deal with the first problem when it has been correctly 
posed. 

There remains the third problem, which is to find an inductive truth 
definition for slash logic. The paper [Ho197a] gave the trump semantics, 
which solves this problem. 

It turned out that the main idea needed was to think of formulas as being 
satisfied not by assignments to their variables, but by sets of assignments. 
Why sets of assignments? Mathematically the idea is natural enough, but 
we can hardly see by intuition that it will work. For a while I almost 
convinced myself that an inductive truth definition for slash logic would 
need sets of sets of assignments, sets of sets of sets of assignments, and so 
on up the hierarchy of finite types. 

An intuitive answer to the question ‘Why sets of assignments?’ could 
do marvels for making the inductive semantics of these sentences more ap- 
pealing. But it’s hardly clear where to look for an intuition. One obvious 
approach is to try generalising the semantics to other logics, in order to 
see what is needed where. But in the last ten years this hasn’t happened. 
The semantics has been extended, but only to logics with broadly the same 
features as Henkin’s original. 

So we have to look elsewhere. One suggestion runs as follows. The 
trump semantics for formulas of slash logic was found by starting from 
a game semantics on sentences. The passage from sentences to games to 
trumps is too complex to support any strong intuition. So we should try 
to separate the games from the trump semantics. There are two natural 
ways to do this. The first way is to discard the games altogether and find a 
direct motivation for the trump semantics. Jouko Väänänen has made good 
progress in this direction [VaHoj 00]. 

The second way is to abandon the formulas and work directly with the 
games. This is the purpose of this paper. 


3 The programme 


We aim to extract the game-theoretic content of the games in [Ho 97a], and 
extend it to a class of games that has no intrinsic connection with formulas 
or truth values. Finding the trump semantics was a matter of extending 
the truth values on sentences to semantic values on formulas, in such a way 
that the values on formulas could be built up by induction on complexity. 
We aim to do the same but in a purely game-theoretic setting: we define 
values on games, and we extend these values to values on subgames, again 
with the aim of defining these values by induction. 

This description is too open-ended for comfort. Since we’ve thrown away 
the connection with truth, what counts as a correct extension to subgames? 
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Fortunately we know the formal core of the Tarski truth definition; Sec- 
tion 4 below describes it in terms of fregean values. This formal description 
carries over straightforwardly from formulas to games, as soon as we have 
said what subgames are and what the value of a game is. Section 5 will 
describe the games and their subgames. Section 6 will propose suitable val- 
ues for games. (There might be better choices here that I didn’t think of.) 
Then Sections 7 and 8 carry out the extension to fregean values, first for 
games of perfect information and then under imperfect information. 

As hoped, the fregean value of a subgame is in terms of sets of assign- 
ments rather than single assignments. But also we can see a game-theoretic 
reason for this. The following summary will perhaps make more sense at 
the end of the paper, but I hope it conveys something already at this stage. 

The value of a game is defined in terms of the existence of certain strate- 
gies for the players. The definition of values by induction on subgames builds 
up these strategies. Now one familiar move in building up a strategy o for 
a player p, at a place where another player p’ is about to move, is to find 
a strategy oq corresponding to each possible choice a by p’. We build ø 
as follows: player p waits to see what choice a player p’ makes, and then 
proceeds with o,. But under conditions of imperfect information p may 
not know what choice p’ is making. (Or to say the same thing in terms of 
information partitions, the composite strategy o may give different answers 
on data items in the same partition set.) So this kind of gluing is blocked. 
The consequence is that we can give player p this strategy o only if we know 
that it works uniformly for all choices that player p’ can make. In other 
words, the information that we have to carry up from the subgames is not 
that certain data states allow strategies, but that certain sets of data states 
allow the same strategy. In short, we need to go up one type level in order 
to sidestep the fact that we can’t in general glue strategies together. 


4 Fregean values 


This section summarises without proofs the main results in [Ho;o00]. 
Suppose E is a set of objects called expressions (for example the formulas 
of a logic). We assume expressions can have parts that are also expressions. 


We write F(&,...,&,) for an ‘expression with holes’, that gives an an ex- 
pression F(e,,...,€n) when suitable expressions €1,...,@, are put in the 
holes, putting e; in hole €; for each i. 

We assume given a family F of such ‘frames’ F'(&,...,&), with four 
properties: 


1. F is a set of nonempty partial functions on E. (‘Nonempty’ means 
their domains are not empty.) 


2. (Nonempty Composition) If F(&,...,&) and G(m,...,7m) are 
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frames, 1 <i < n and there is an expression 
F(e1, To ,6-1,G(fi, sey fm), €i+1, os rên) 
then F(¿1, Rene 8-1, GM, Pac Nm), i415 ites Ên) is a frame. 


3. (Nonempty Substitution) If F(e1,...,e€n) is an expression, n > 1 and 
1<i<n, then 


F(&,. i E eres eyes En) 
is a frame. 


4. (Identity) There is a frame 1(€) such that for each expression e, 
1(e) =e. 


Assume also that S C E. We refer to the expressions in S as sentences, 
since this is what they are in most applications to logics. Assume that a 
function u with domain S is given. The function pu gives a ‘value’ to each 
sentence; we make no assumptions at all about what kinds of object these 
values are. 

Under these assumptions, we define a relation = on E as follows. (It 
expresses that two expressions make the same contribution to the p-values 
of sentences containing them.) For all expressions e and f, e = f if and 
only if 


(a) for each frame F(E) with one variable, F (e) is in S if and only if F(f) 
is in S; 
(b) whenever F(e) and F(f) are in S, u(F(e)) = u(F(f)). 


Then = is an equivalence relation. If distinct values are assigned to 
the distinct equivalence classes, then we call the value |e| assigned to the 
equivalence class of e the fregean value of e. (Again the nature of these 
values is unimportant; all that matters is whether or not two expressions 
have the same fregean value.) 


Lemma 4.1. Suppose that for every expression e there is a frame F(€) 
such that Fe) is a sentence. Then for each frame G(&1,...,&,) there is a 
function hg such that for all expressions e€1,...,€n such that G(e1,..., en) 
is an expression, 


|G(e1,..-,€n)| = he(leil,.--; |en|)- 


In a common turn of phrase, Lemma 4.1 says that fregean values are 
‘compositional’. The function hg is called the Hayyan function of G in [Hojco]. 
(The name ‘fregean’ was suggested by some passages in Frege’s Grundlagen 
der Arithmetik; Hayyan functions are named after the 14th century linguist 
Abu Hayyan al-Andalusi, who argued that such functions must exist.) 
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Lemma 4.2. Let e and f be sentences. If e = f then p(e) = u( f). Hence 
there is a function r defined on the fregean values of sentences, such that 
for every sentence e, u(e) = r(Jel). 


The message of these two lemmas together is that the function u, which 
is quite arbitrary, can always be defined through an inductive definition of 
fregean values, where the induction is on the complexity of expressions. The 
fregean values of atomic expressions have to be given directly as the base 
case. The Hayyan functions take care of the inductive steps, and finally 
the function r reads off u from the fregean values of the sentences. It turns 
out that in standard examples of truth definitions we can take r to be the 
identity. One such case is where E is the set of formulas of slash logic, S 
is the set of sentences, u is the assignment of truth values to sentences as 
given by the game semantics, and the fregean values are the values given to 
formulas by the trump semantics. 

The intended applications of this machinery were languages. But noth- 
ing prevents us from carrying them over to games. The set S will consist 
of the games and the set E will consist of the subgames of these games (in 
some suitable sense). We give each game G a ‘value’ u(G) in terms of the 
effects of strategies of the players, and then we compute fregean values for 
the subgames. This will yield an inductive definition for the values u(G), 
working directly on the games without any intervention of formulas. In this 
setting we can test the effect of moving from games of perfect information 
to games of imperfect information. Does it move the values up a type? 


5 The games 


The first step in our programme is to define the games and the subgames so 
that the assumptions of Section 4 hold. The requirements are fairly strong. 
The games have to be constructed inductively from their subgames. The 
notion of substituting one subgame for another has to make sense. So does 
the notion of imperfect information. Already the games start to look a little 
like formulas. But we can discard the notion that there are just two players, 
and we don’t need the notions of winning and losing. The players need not 
be in competition with each other. 
I think we need the following ingredients. 


e First and trivially, there must be more than one player. (Otherwise 
the notion of imperfect information becomes degenerate.) We write 
P for the set of players. 


e Second, as the game proceeds, the players build up a bank of data (cor- 
responding to the assignment of elements to variables). It’s enough to 
assume there is a set Q of questions, each of which has a nonempty 
set of answers. A data state is a function defined on a set of questions, 
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taking each of these questions to one of its answers. We write D for 
the set of data states. 


e Third, some of the choices of the players are structural; they have 
no effect on the data state, but they control who moves next, what 
the criteria are for deciding the payoffs, what information can be fed 
into strategies, and so forth. Thus at any stage of the play a data 
state s and a sequence ¢ of structural moves have been built up. The 
information fed into the play by the sequence ¢ determines a ‘subgame’ 
which is to be played ‘at’ the data state s. 


e Fourth, the fact that the same subgame can be played at different 
data states allows the possibility that the player who moves at this 
subgame may have incomplete information about the data state. 


e Fifth, the players can move to subgames only finitely often in a play. 
Eventually they reach an atomic subgame; when they do, the payoff to 
each player is determined by the subgame and the data state. There 
is no need to assume that the payoffs are wins or losses; real number 
values will suffice, and they need not add up to zero. 


e Sixth, for each subgame H there is an associated set of questions 
m(H), which we can call the matter of H, with the property that H 
can be played as soon as we are given a data state s which answers 
all questions in m(H). (This corresponds to the free variables of a 
formula.) We need an assumption like this in order to make sense of 
substitution of subgames. 


The following definitions are meant to give shape to these ingredients. They 
are strongly influenced by Parikh’s paper [Pas83]. 

We assume given the set P of players, the set Q of questions and the set 
D of data states, as above. Given a finite subset W of Q, we write D | W 
for the set of all data states whose domain is W, and R?'™ for the set of all 
functions from D | W to the set R of real numbers. If s is a data state, q is 
a question and a is an answer to q, we write s(q/a) for the data state whose 
domain is domain(s) U{q}, and which agrees with s everywhere except that 
s(q/a)(q) =a. 

We define inductively the set of game parts. Formally, the game parts 
will be finite sequences. Later we will explain how they are played. 


(a) For every finite W C Q and every function f : P — RPW, (W, f) is 
a game part; its matter is W. Game parts of this form are atomic. 


(3) For every finite set W C Q, every player p E€ Q, every partition m of 
D | W, every question q E€ Q \ W and every game part J with matter 
C W U {q}, there is a game part (W, p, m, q, J) whose matter is W. 


Logics of Imperfect Information 125 


(y) For every finite set W C Q, every player p € P, every partition 7 of 
D | W and every nonempty set X of game parts with matter C W, 
there is a game part (W, p, n, X} whose matter is W. 


For each game part H with matter W and each data state s with domain 
D W, H is played at s as follows: 


(a) If H is (W, f) then there is an immediate payoff of f(p)(s 1 W) to 
each player p. 


(3) If H is (W,p,7,q, J), then player p moves by choosing an answer a to 
the question q, and the play continues as a play of J at the data state 


s(q/a). 


(y) If H is (W,p,7,X), then player p moves by choosing a game part 
J € X, and the play continues as a play of J at the data state s. 


Each game part H determines a labelled tree T(H) branching downwards. 
If H is (W,f) then T(H) has a single node, labelled with H. If H is 
(W,p,7,q,J7) then T(H) is T(J) with a single node added at the top, car- 
rying the label H. If H is (W,p,a,X) then the top node of T(H) carries 
the label H, and the successors of the top node are the top nodes of copies 
of the trees T(J), one for each J € X. 

A game is a game part with empty matter. We say that a game part H 
is a subgame of a game part G if H occurs as a label on a node of T(G). 
Note that a game part G can have several occurrences of a game part H 
in it. 

Suppose a play of a game part G at a state s is in progress, and the 
players have just reached an occurrence of the subgame H of G. Then the 
choices of the players consist of: (1) the sequence Z of subgames that label 
the nodes as one travels down T(G) from the top to the relevant occurrence 
of H—the sequence lists the game parts chosen at subgames of the form (7) 
in earlier moves of the play; (2) a data state t representing s together with 
the choices made at subgames of the form (8) in earlier moves. We call the 
pair (Z, t) a position in the play. The pair (€, s) determines the domain of 
t (namely, the union of the domain of s and the set of questions answered 
at moves reported in ¢); we call this domain the current domain at (Z, s). 
The sequence € also determines the player who will move next; we call this 
player the current player at c. The current game part at the position (Z, t) 
is the final game part H of c. If this game part is of the form (W, p,7,...), 
then p and 7 are respectively the current player and the current partition 
at č. Here the current game part, player and partition depend only on g, 
and the current domain depends only on č and s; but since the position 
(c, t) determines s, we can speak of any of these things as being current at 
the position (Z, t). 
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A strategy for a player p in a game part G at a data state s is a family o 
of functions oz indexed by the sequences € such that p is the current player 
at č. For each position (Z, t) where p is the current player, a2(t) is a possible 
move for p in the current subgame. There is some redundancy here, because 
a strategy is defined at positions in the game which could never be reached 
if the strategy was followed; but this redundancy will never matter and it 
would be a nuisance to exclude it. Note that the strategy o depends on s 
and not just on G; the dependence on s will be important below. 

So far the partitions have played no role. Their purpose is to restrict 
the allowed strategies, as follows. We say that a strategy o for player p in 
game part G at s is admissible at ¢ if for all data states t,u with domain 
the current domain W at ¢, if 


s | W and t | W lie in the same partition set of the current 
partition at ¢, 


then 
d2(s) = oz(t). 


We say that a strategy o for p is admissible if it is admissible at all č at 
which p is the current player. 

A game G is of perfect information if all the partitions appearing in 
G are trivial, i.e. all their partition sets are singletons. For a game of 
perfect information, every strategy is admissible. When we discuss games 
of perfect information, we can ignore their partitions; for example we can 
write (W, p,n, X} as (W, p, X). 

In Sections 7 and 8 below we will sometimes talk of strategies that are 
restricted to subsets of some set D | W. It makes sense to glue together 
several such strategies, provided that no two of them are defined on members 
of the same partition. 


If J is a game part occurring in the subgame H, and J’ is a subgame 
with the same matter as J, then we can form a new subgame H(J'/J) by 
replacing the occurrence of J by an occurrence of J’; the matter of H(J’/J) 
is the same as that of H. (The notation is a shorthand; there might be other 
occurrences of J in H, and these stay unchanged.) 

It would be possible to substitute J’ for J in H even if the matter of J’ 
is not the same as that of J. But suppose the question q is in the matter 
of J’ and not in that of J. Let G be a game where some player chooses in 
turn answers to the questions in m(J), and then the game continues as J. 
Then substituting J’ for J in G yields a subgame G’ whose matter contains 
q; so this substitution turns a game into a game part that is not a game. 
We will bar this kind of substitution. In other words, we will consider only 
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substitutions where (a) of Section 4 holds. So the significant question will 
be when (b) holds too. 

Our notion of subgame is not the more familiar one due to Selten [Se065]. 
A Selten subgame in our context would be a pair (G, s) where G is a subgame 
that can be played at data state s. For us it is essential that the same 
subgame can be played at different data states. This is the game analogue 
of the fact that a subformula allows different assignments to its variables. 


6 Game values 


We define the value of a game G to a player p, Hp(G), to be the supremum 
of the reals À such that p has an admissible strategy which ensures that the 
payoff to p is at least A. So up(G) is an element of RU {00}. We can take 
the value u(G) of G to be the function taking each player p to up(G). But 
in fact all our calculations of values will consider one player at a time. 

This is a generalisation of the assignment of truth values to sentences 
in logic. The logical case is where there are two players, the payoffs are all 
either 0 or 1, and for any atomic game part at any data state the payoffs to 
the two players add up to 1. One could generalise in other ways (for example 
taking values in a complete boolean algebra), but I chose something simple 
that seems to fit with the habits of game theory. 

Now that we have the values of games, we can apply the framework of 
Section 4. We take E to be the set of game parts, S' to be the set of games 
and u to be the value function just defined. Every game part is a subgame 
of a game, so that the hypothesis of Lemma 4.1 holds. (It would have failed 
if we allowed the matter of a game part to be infinite, since only finitely 
many questions get answered during a play.) 

Following Section 4 we define a relation = on subgames: H = J if and 
only if (a) H and J have the same matter, and (b) for every game G con- 
taining an occurrence of H, u(G(J/H)) = u(G). Then = is an equivalence 
relation on E. If we can identify the equivalence classes, we can label them 
with fregean values, and then we have a definition of u by induction on 
subgames. 


7 The extension under perfect information 


In this section all games are of perfect information, so that all strategies are 
admissible. Here the situation is familiar enough to suggest where to look 
for fregean values. 


Definition 7.1. Let G be a game part. 


(a) Let p be a player and s a data state with domain D m(G). Define the 
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value of G at s to p, up(G, s), by: 


vup(G,s) = sup{A: p has a strategy which, when G is played at 
state s, guarantees that the payoff to p is at least A}. 


(b) We define vp(G) to be the function with domain D | m(G), whose 
value for each s in this set is vp(G, s). 


(c) We define v(G) to be the function with domain P, whose value for 
each player p is up(G). 


In the case where G is a game, vp(G) = up(G) for each player p, and so 
v(G) = u(G). In the case where G is atomic, there is an immediate payoff 
to each player for each s € D | m(G), and v(G) records these payoffs. 

The definition of v(G) depends only on the values v(G, s) where s has 
domain m(G). But G can be played at data states s with much larger 
domains. We need to show that for these s the values v(G, s) are determined 
by v(G). (This is fundamental. If it failed, the values v(G’) wouldn’t be 
fregean values obeying the conclusion of Lemma 4.1.) 


Lemma 7.2. (Under perfect information.) Suppose a game part G has 
matter W, and s is a data state with domain W’ D W. Let p be a player. 
Then the value of G at s for p is equal to the value of G at s | W for p. 


Proof. Suppose ø is a strategy for p in G at s | W that guarantees p a 
payoff of at least A. Let 7 be the following strategy for p in G at s: ignore 
any answers to questions not in W, and use ø. Induction on the complexity 
of G shows that this is a strategy for p in G at s; the ignored values are 
never needed, and in particular they make no difference to the payoff. Thus 
T guarantees payoff at least A for p. 

Conversely suppose 7 is a strategy for p in G at s that guarantees p a 
payoff of at least A. Then let ø be the strategy for p in G at s | W that 
uses 7, filling in the extra values from s. Again o guarantees payoff at least 
A to p. Q.E.D. 


Theorem 7.3. (Under perfect information.) Suppose H and H’ are game 
parts with the same matter. Then H = H’ if and only if v(H) = v(H’). 


Proof. We fix a player p. Assuming that v,(H) = vp( H’), we prove that for 
every game part G in which H occurs as a subgame, vp(G) = v,(G(H'/H)). 
The proof is by induction on the complexity of G. By the lemma, we need 
only show that vp(G, s) = vp(G(H'/H), s) when s has domain m(G). 

(a) Suppose first that G = H. Then G(H’/H) = H’, so the result is 
immediate. 
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(3) Suppose that p’ is a player, G is (W, p',q, J), s is a data state with 
domain m(G), and vp(G, s) = A. Then for every \’ < À, p has a strategy for 
G at s which guarantees p a payoff of at least 4’. We aim to show the same 
for G(H'/H). There are two cases, according as p’ is p or another player. 

Suppose first that p’ Æ p. Then for each A’ < À and each possible choice 
a of p' at G, there is a strategy oq for p for J at s(a/q) which guarantees p 
a payoff of at least A’. 

Now by induction hypothesis v,(J) = vp(J(H'/H)), so the lemma tells 
us that vp(J, s(a/q)) = vp(J(H'/H), s(a/q)) for each a. It follows that for 
each a, player p has a strategy Ta for J(H’/H) at s(a/q) which guarantees p 
a payoff of at least A’. For each A < A we can glue these strategies together 
to produce a strategy 7 for pin G at s, namely: Wait for the choice a and 
then play Ta. This strategy guarantees p a payoff of at least \’. Hence again 
v,(G(H'/H),s) > vp(G, s), and symmetry gives the converse. 

The other case, where p’ is p, is similar but easier. The strategy o for 
p at G chooses an element a to answer q, and then we need only consider 
s(a/q) for this a, so that no gluing is needed. 

(y) Suppose p’ is a player and G is (W,p’,q,X). Then the argument 
of case (8) applies with appropriate changes. Note that since the different 
subgame occurrences have their own strategy functions, there is no need for 
any gluing in this case. 

This proves one direction. For the other, suppose vp(H) < vp(H’), and 
choose À with vp(H) < À < vp(H'). Then p has no strategy in H that 
guarantees that for all s, p will get payoff A. Hence there is some s such 
that p can’t guarantee to get A, playing at s. Consider the game where some 
other player chooses assignments to the domain of s, then p picks up and 
plays H. In this game G player p can’t guarantee to get payoff A, since the 
other player could play s. But by assumption player p can guarantee to get 
payoff A in G(H’/H). Hence u(G(H'/H)) 4 u(G), so that H # H'. Q.E.D. 


Suppose we restrict to any smaller class of games which is closed under 
substitution of subgames with the same matter, and under (8) of Section 
5. (An example of such a class is where in (y) we require the set X to be 
finite. This comes nearest to first-order logic.) Then the entire argument 
above goes through. 


8 The extension under imperfect information 


We turn to our major question. What is needed to repair the proof of 
Theorem 7.3 if we drop the assumption of perfect information? 

Lemma 7.2 doesn’t survive unaltered, but with a suitable definition of 
values we can still get the main point of the lemma, which is that the 
values at data states whose domain is the matter determine the values at 
all other data states. The proof of Theorem 7.3 also goes through except for 
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one point: in the gluing at case (3), nothing guarantees that the resulting 
strategy 7 is admissible. A little meditation shows that the problem is 
serious. No information about the existence of separate admissible strategies 
Ta for J(H’/H) at s(a/q) is going to guarantee a single admissible strategy 
for G(H'/H) at s. 

So we have to carry up inductively the information that certain sets of 
data states lie within the domains of admissible strategies. 


Definition 8.1. Let G be a game part. 


(a) Let p be a player, and let W be a finite set of questions D m(G). 
Define the value of G at a subset S of D | W to p, up(G, S), by: 


vp(G, S) =sup{A: p has an admissible strategy which, when 
G is played at any state s € S, guarantees 
that the payoff to p will be at least A}. 


(b) We define v,(G) to be the function with domain the power set of 
D | m(G), whose value for each subset S of D | m(G) is vp(G, S). 


(c) We define v(G) to be the function with domain P, whose value for 
each player p is up(G). 


Then as before, v(G) = u(G) whenever G is a game. 

Suppose W’ >D W and S is a subset of D | W’. We say that s,¢ in S are 
in the same fibre of S along W if s | (W’\ W) = t [ (W’\W). This defines 
an equivalence relation, and its equivalence classes are called the fibres of S 
along W. 


Lemma 8.2. Suppose a game part G has matter W, W’ is a finite set D W, 
and S is a set of data states with domain W’. Let p be a player. Then the 
value of G at S for p is equal to the infimum of the values of G at the fibres 
of S along W for p. 


Proof. (Cf. [Ho197a, Lemma 7.4].) Let A be the infimum of the values of G 
at the fibres of S along W for p. Then for each \’ < A and each fibre y of 
S along W, there is an admissible strategy o, for p on p, which guarantees 
p a payoff of at least \’. Fixing A’, glue together these strategies on the 
separate fibres, to get a strategy o on W. In the definition of admissibility, 
elements of different fibres never agree off W; so the admissibility of the o, 
guarantees that g is admissible. Thus the value of G at S for p is at least A. 

An easier argument in the other direction shows that if the value of G 
at S for p is at least A, then the value at each fibre is at least A too. Q.E.D. 


We repeat the theorem, but under imperfect information and with the 
new definition of v. 
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Theorem 8.3. Suppose H and H’ are game parts with the same matter. 
Then H = H’ if and only if v(H) = v(H’). 


Proof. We fix a player p. Assuming that vp(H) = vp( H’), we prove that for 
every game part G in which H occurs as a subgame, vp(G) = vp(G(H'/ĦH)). 
The proof is by induction on the complexity of G. By the lemma, we need 
only show that v,(G, S) = vp(G(H'/H), S) when S C D [ m(G). 

(a) The case where G = H is as before. 

(3) Suppose that p’ is a player, G is (W,p’,7,q,J), S C D | W and 
u,(G,S) = à. Then for every à’ < À, p has an admissible strategy for G at 
S which guarantees p a payoff of at least A’. We aim to show the same for 
G(H'/H). There are two cases, according as p’ is p or another player. 

Suppose first that p’ = p. Then: 


there is an admissible function o for p such that p has an admissi- 
ble strategy for J at S7 = {s(a(s)/q) : s € S} which guarantees 
p a payoff of at least A. 


Now by induction hypothesis vp(J) = vp(J(H'/H)). Hence by the lemma, 
Up(J, S7) = vp(J(H'/H), S°). It follows that p has an admissible strategy 
for J(H’/H) at S° which guarantees p a payoff of at least A’. Combin- 
ing this strategy with ø, p has an admissible strategy for G(H’/H) at S 
which guarantees a payoff of at least A’. Thus vp(G) < vp(G(H'/H)), and 
symmetry gives the converse. 

Next, suppose p’ # p. The argument is the same, except that in place 
of S7 we use S41 = {s(a/q) : s E€ S,a an answer to q}. 

(y) Suppose that p’ is a player, G is (W, p', n, X) and S C D | W. One 
can adjust the arguments of case (8) to this case without needing any new 
ideas. 


Now conversely suppose that m(H) = m(H') # Ø, and for some S 
with domain m(H) = {q1,..., qk}, Up(H, S) < vp(H’,S). Then the same 
inequality must hold for some nonempty intersection of S with a class of 
the current partition at H; so we can assume that S lies in a single class 
of this partition. Choose \,’ with vp(H, S) < x’ < A < vp(H', S). Let 
f: P — RPH) be the function that takes each player p' 4 p to the 
constant function with value 0, and that satisfies 


N ifs eS, 
f(p)(s) = { à otherwise. 


Let po be some player other than p, and let G be the game 


(Ø, po, qı, {a}, Po, 92; €- - -> 9k, (m(H), p, {H, (m(H), f)}) ---) 
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where the missing partitions are all trivial, so that the information is perfect 
except perhaps within H. 

In the game G, player po can use the first k moves to pick an element 
of S. Then by assumption p has no admissible strategy in H guaranteeing 
a payoff > A, and choosing (m(H), f) guarantees p a payoff of only A. 
So up(G) < X. On the other hand p has a strategy for G(H’/H) which 
guarantees a payoff of at least A. Namely, if po chooses s in S, then pick 
H’ and play a suitable admissible strategy at S in H’; if po chooses outside 
S, then choose (m(#), f) and collect A. Since G is a game, it follows that 
HZ H. Q.E.D. 


Just as in the previous section, the theorem still holds good if we restrict 
to a class of games with reasonable closure conditions. I omit details. 


9 Conclusion 


In the games above, we get fregean values for game parts by assigning values 
to sets of data states, not to single data states. This is the exact analogue 
of what happens in the semantics for slash logic as in [Ho197a]. The proofs 
make clear why this is the right level: in some sense the argument was 
always about sets of data states rather than data states one at a time—but 
in the case of perfect information we could disguise this fact by taking the 
data states one at a time and then gluing. 

The games above do look rather like formulas. (I don’t know whether 
they have any other application.) But our arguments show that some fea- 
tures of logical formulas are irrelevant to the fact that fregean values go with 
sets of data states. In particular the number of players is irrelevant as long 
as it is at least two. Competition between the players is irrelevant. Truth 
(as opposed to real number values) is also irrelevant. Last but not least, the 
information partitions that we allowed are much more general than those 
that arise from IF or slash logic. 
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Abstract 


Let us assume that some agents are connected by a communication 
graph. In the communication graph, an edge from agent i to agent 
j means that agent i can directly receive information from agent j. 
Agent i can then refine its own information by learning information 
that j has, including information acquired by j from another agent, 
k. We introduce a multi-agent modal logic with knowledge modalities 
and a modality representing communication among agents. Among 
other properties, we show that the logic is decidable, that it com- 
pletely characterizes the communication graph, and that it satisfies 
the basic properties of the subset space logic of Moss and Parikh. 


1 Introduction 


The topic “who knew what and when” is not just of interest to epistemic 
logicians. Often it is the subject of political scandals (both real and imag- 
ined). For example, consider the much talked about Valerie Plame affair. 
A July 2003 column in the Washington Post reported that Plame was an 
undercover CIA operative. This column generated much controversy due to 
the fact that such information (the identity of CIA operatives) is restricted 
to the relevant government officials. Of course, in this situation, we know 
full well “Who knew what and when”: in July of 2003, Robert Novak (the 
author of the article) knew that Plame was a CIA operative. What creates 
a scandal in this situation is how Novak came to know such information. 


Johan van Benthem, Dov Gabbay, Benedikt Löwe (eds.). Interactive Logic. Proceedings of 
the 7th Augustus de Morgan Workshop, London. Texts in Logic and Games 1, Amsterdam 
University Press 2007, pp. 135-157. 


136 E. Pacuit, R. Parikh 


Since the CIA goes to great lengths to ensure that communication about 
sensitive information is contained within its own organization, the only way 
Novak could have known that Plame was a CIA operative was if a commu- 
nication channel had been created between Novak and someone inside the 
CIA organization. 

To put this a bit more formally, given a set of agents A, call any graph 
G = (A, E) a communication graph where the intended interpretation 
of an edge between agent 7 and agent j is that i and j can communicate. 
In this setting, the CIA can be represented as a connected component of 
G. Given that the CIA is the only group of agents that (initially) knows 
the identity of CIA operatives, and Novak is not an element of the CIA 
component of G then we can conclude that Novak did not originally know 
the identity of CIA operatives and no amount of communication that respects 
the graph G can create a situation in which Novak does know the identity 
of a CIA operative. Thus Novak’s report in the Washington Post implied 
that our original communication graph was incorrect!. That is, there must 
be an edge (or a chain) between Novak and some agent inside the CIA 
component. Since in principle, Novak could be connected to any member of 
the CIA component, much resources and time have been spent discussing 
the possible edges. 

In this paper we develop? a multi-agent epistemic logic with a commu- 
nication modality where agents are assumed to communicate according to 
some fixed communication graph. Agents are assumed to have some private 
information at the outset, but may refine their information by acquiring 
information possessed by other agents, possibly via yet other agents. That 
is, each agent is initially informed about the truth values of a finite set of 
propositional variables. Agents are assumed to be connected by a commu- 
nication graph. In the communication graph, an edge from agent 7 to agent 
j means that agent i can directly receive information from agent j. Agent i 
can then refine its information by learning information that j has, including 
information acquired by 7 from another agent, k. 

In keeping with the CIA-theme, we give an example from [PagPa505] of 
the type of situations that we have in mind. Let K;y mean that according to 
ts current information y is true. Given a communication graph G = (A, E), 
we say that a sequence of communications (i learns a fact from j who 
learns a fact from k, and so on) respects the communication graph 
if agents only communicate with their immediate neighbors in G. Let Ow 
mean that y becomes true after a sequence of communications that respects 


1 Of course, it could also mean that we were incorrect about the agents’ initial informa- 
tion — Novak could have had previous knowledge about the identity of CIA agents. 
In this paper, we are interested in studying communication and so will not consider 
this case. 

2 This framework was first presented in [PaoPas05]. 
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the communication graph. Suppose now that y is a formula representing the 
exact whereabouts of Bin Laden, and that Bob, the CIA operative in charge 
of maintaining this information knows y. In particular, Kpopy, but suppose 
that at the moment, Bush does not know the exact whereabouts of Bin 
Laden (=Kgushy). Presumably Bush can find out the exact whereabouts 
of Bin Laden (OKepusny) by going through CIA director Hayden, but of 
course, we cannot find out such information (~OKgy A -OKry) since we 
do not have the appropriate security clearance. Clearly, then, as a pre- 
requisite for Bush learning y, Hayden will also have to come to know y. We 
can represent this situation by the following formula: 


7aKepushY A (K Bushy — K Hayden) 


where [O is the dual of diamond (Hy is true if y is true after every sequence 
of communications that respect the communication graph). 

Section 2 gives the details of our framework and the main results. Section 
3 contains a discussion of some other relevant literature. We conclude the 
paper by discussing our underlying assumptions and provide pointers to 
future work. 


2 The logic of communication graphs 


This section describes the logic of communication graphs, K(G), introduced 
in [PagPa;05]. The intended application is to reason about the flow of in- 
formation among a group of agents whose communication is restricted by 
some communication graph. We begin by making some simplifying assump- 
tions about the nature of the communication. Thus the logic presented here 
should be viewed as a first step towards a general logic to reason about the 
situations described in the Introduction. 

Let A be a set of agents. A communication graph is a directed graph 
Ga = (A, E) where E C Ax A-— {(i,i) |i € A}. Intuitively (i,j) € E 
means that 7 can directly receive information from agent j, but without j 
knowing this fact. Thus an edge from i to j in the communication graph 
represents a one-sided relationship between i and j. Agent 7 has access to 
any piece of information that agent j knows (but in a restricted language). 
We have introduced this ‘one sidedness’ restriction in order to simplify our 
semantics, but also because such situations of one sided learning occur nat- 
urally. A common situation that is helpful to keep in mind is accessing a 
website. We can think of agent j as creating a website in which everything 
he currently knows is available, and if there is an edge between 7 and j 
then agent 7 can access this website without j being aware that the site is 
being accessed. Another important application is spying where one person 
accesses another’s information without the latter being aware that informa- 
tion is being leaked. Naturally 7 may have been able to access some other 
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agent k’s website and had updated some of her own information. Therefore, 
it is important to stress that when 7 accesses j’s website, he is accessing j’s 
current information which may include part of what k knew initially. 

In order for any communication to take place, we must assume that 
the agents understand a common language. Thus we assume a set At of 
propositional variables, understood by all the agents, but with only specific 
agents knowing their actual values at the start. Letters p, q, etc., will denote 
elements of At. The agents will have some information — knowledge of the 
truth values of some elements of At, but refine that information by acquiring 
information possessed by other agents, possibly via yet other agents. This 
implies that if agents are restricted in whom they can communicate with, 
then this fact will restrict the knowledge they can acquire. 

The assumption that 2 can access all of j’s information is a significant 
idealization from common situations, but becomes more realistic if we think 
of this information as being confined to facts expressible as truth functional 
combinations of some small set of basic propositions. Thus our idealization 
rests on two assumptions: 


1. All the agents share a common language, and 


2. The agents make available all possible pieces of (purely propositional) 
information which they know and which are expressible in this com- 
mon language. 


The language is a multi-agent modal language with a communication 
modality. The formula K;y will be interpreted as “according to it’s current 
information, i knows y”, and Oy will be interpreted as “after some commu- 
nications (which respect the communication graph), y becomes true”. For 
example the formula 

K;y > OKiy 


is intended to express the statement: “If agent j (currently) knows y, then 
after some communication, agent i can come to know y”. Let At be a 
finite set of propositional variables. A well-formed formula of K(G) has the 
following syntactic form 


yg :=p| w | VAt | Kip | %e 


where p € At. We abbreviate ~K;7y and 70-9 by Liv and Oy respec- 
tively, and use the standard abbreviations for the propositional connectives 
(V, >, and L). Let Lig) denote the set of well-formed formulas of K(G). 
We also define £o(At), (or simply £o if At is fixed or understood), to be the 
set of ground formulas, i.e., the set of formulas constructed from At using 
a, A only. 
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2.1 Semantics 


The semantics described here combines ideas both from the subset models 
of [Mo3Pa592] and the history based models of Parikh and Ramanujam (see 
[PasRa285, PasRa203]). We assume that agents are initially given some 
private information and then communicate according to some fixed com- 
munication graph G. The semantics in this section is intended to formalize 
what agents know and may come to know after some communication. 

Initially, each agent i knows or is informed (say by nature) of the truth 
values of a certain subset At; of propositional variables, and the At; as well 
as this fact are common knowledge. Thus the other agents know that i 
knows the truth values of elements of At;, but, typically, not what these 
values actually are. We shall not assume that the At; are disjoint, but for 
this paper we will assume that the At; together add up to all of At. Thus 
if At; and At; intersect, then agents 7,7 will share information at the very 
beginning. Let W be the set of boolean valuations on At. An element v € W 
is called a state. We use 1 for the truth value true and 0 for the truth value 
false. Initially each agent i is given a boolean valuation v; : At; > {0,1}. 
This initial distribution of information among the agents can be represented 
by a vector v = (v1,...,Un). Of course, since we are modelling knowledge 
and not belief, these initial boolean valuations must be compatible. I.e., for 
each 7,7, vi and vj agree on At; N At;. Call any vector of partial boolean 
valuations y = (v1,...,Un) consistent if for each p E€ dom(v;) N dom(v,), 
vi(p) = v;(p) for all i,j =1,...,n. Note that there is a 1-1 correspondence 
between consistent vectors and states w as we defined them earlier. We 
shall assume that only such consistent vectors arise as initial information. 
All this information is common knowledge and only the precise values of 
the v; are private. 


Definition 2.1. Let At be a finite set of propositional variables and A = 


{1,...,n} a finite set of agents. Given the distribution of sublanguages 
At = (Atı, ... , Atn), an initial information vector for At is any consistent 
vector Y = (v1,..-,Un) of partial boolean valuations such that for each 


LE A, dom(v;) = At;. 


We assume that the only communications that take place are about the 
physical world. But we do allow agents to learn objective facts which are 
not atomic, but may be complex, like p V q where p,q € At. Now note that 
if agent 2 learned some literal from agent 7, then there is a simple way to 
update 7’s valuation v; with this new information by just adding the truth 
value of another propositional symbol. However, if 7 learns a more general 
ground formula from agent j, then the situation will be more complex. 

For instance if the agent knows p and learns q V r then the agent now 
has three valuations on the set {p,q, r} which cannot be described in terms 
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of a partial valuation on a subset of At. 

Fix a communication graph G and suppose that agent i learns some 
ground fact y (directly) from agent j. Of course, there must be an edge 
from agent 7 to agent j in G. This situation will be represented by the 
tuple (i,j, p) and will be called a communication event. For technical 
reasons we assume that all formulas in a communication event are expressed 
in a canonical disjunctive normal form (DNF). That is, we assume y is a 
set {C1,..., Ck} where each C; is a consistent finite set of elements of At 
and their negations. Let Lpnr(At) be the set of all such sets. Each set 
{Ci,...,Cx} represents the formula V/;_, ,ACi. Recall that for each 
formula % € Lo(At) there is a unique element {C1,..., Ck} € Cpnr(At) 
such that Vj, , A Ci is logically equivalent to ~. In what follows, we 
shall sometimes use y to mean either a formula (an element of C(At) or 
£o(At)) or an element of £pnr(At) and trust that this ambiguity of notation 
will not cause any confusion. Of course we could use a unique element of 
£o(At) to express a member of £pnr(At) and that too would work. 


Definition 2.2. Let G = (A, Eg) be a communication graph. A tuple 
(i,j, p), where y € Lpnr(At) and (i, 7) € Eg, is called a communication 
event. Then Ug = {(i, j, p) | p € Lpnr, (i, j) € Eg} is the set of all possible 
communication events (given the communication graph G). 


The following fact will be needed in what follows. The proof is well-known 
and is left to the reader. 


Lemma 2.3. Suppose that there are k elements in At and n elements in 
A. Then for any communication graph G, there are at most n x n x (22°) 
elements in Ug. 


Given the set of events Ug, a history is a finite sequence of events. L.e., 
H € X. The empty history will be denoted e. The following notions 
are standard (see [PasRa285, PasRa203] for more information). Given two 
histories H, H’, say H < H’ if and only if H’ = HH” for some history 
H”, i.e., H is an initial segment of H’. Obviously, < is a partial order. If 
H is a history, and (i, j, p) is a communication event, then H followed by 
(i,j, p) will be written H; (i,j, yp). Given a history H, let \;(H) be it’s local 
history corresponding to H. I.e., A;(H) is a sequence of events that i can 
“see”. Given our assumption of “one-sided communication”, for this paper 
we use the following definition of A;: Map each event of the form (i, j, p) 
to itself, and map other events (m, j, Y) with m Æ i to the null string while 
preserving the order among events. 


Definition 2.4. Fix a finite set of agents A = {1,...,n} and a finite set 
of propositional variables At along with subsets (Atı,..., Atn). A com- 
munication graph frame is a pair (G,At) where G is a communication 
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graph, and At = (Ati,...,At,) is an assignment of sub-languages to the 
agents. A communication graph model based on a frame (G, At) is a 
triple (G, At, v), where @ is an initial information vector for At. 


Now we address two issues. One is that not all histories are legal. For 
an event (i,j, p) to take place after a history H, it must be the case that 
(i, j) € Eg, and that after H (and before (i, j, y)), j already knew y. Clearly 
i cannot learn from j something which j did not know. Whether a history 
is justified depends not only on the initial valuation, but also on the set of 
communications that have taken place prior to each communication in the 
history. 

The second issue is that the information which an agent learns by “read- 
ing” a formula y may be more than just the fact that ọ is true. For suppose 
that i learns p V q from j, but j is not connected, directly or indirectly, to 
anyone who might know the initial truth value of q. In this case ¿i has 
learned more than p V q, i has learned p as well. For the only way that j 
could have known p V q is if 7 knew p in which case p must be true. Our 
definition of the semantics below will address both these issues. 

We first introduce the notion of i-equivalence among histories. Intu- 
itively, two histories are t-equivalent if those communications which 7 takes 
active part in, are the same. 


Definition 2.5. Let w be a state and H a finite history. Define the relation 
~; as follows: (w, H) ~; (v, H’) if and only if wfAt; = vfAt; and A;(H) = 
Ai( A"). 


Formulas will be interpreted at pairs (w, H) where w is a state (boolean 
valuation) and H is a history (a finite sequence of communication events). 

To deal with the notion of legal or justified history we introduce a propo- 
sitional symbol L which is satisfied only by legal pairs (w, H). (We may also 
write L(w, H) to indicate that the pair (w, H) is legal.) Since L can only be 
defined in terms of knowledge, and knowledge in turn requires quantification 
over legal histories, we shall need mutual recursion. 


Definition 2.6. Given a communication graph and the corresponding 
model M = (G,At,v), and pair (w, H), we define the legality of (w, H) 
and the truth = m of a formula as follows: 


e Wye Em L 


e w, H; (i,j, p) Em Lif w, H Em L, (i,j) € E and w, H Eu Kjo 


e w, H |m p iff w(p) = 1, where p € At 


e w, H Hm ~y iff w, H Em y 
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e w, H Em Ay iff w, H Ey yand w, H Em Y 


e w, H Em Oy iff SH’, H < H’, L(w, A’), and w, H' Eu y 


e w, H Hm Kig iff V(v, A’) if (w, H) ~; (v, H”), and L(v, H’), then 
v, H' Fm 9 


Unless otherwise stated, we shall only consider legal pairs (w, H), i.e., pairs 
(w, H) such that w,H = L. We say ọ is valid in M, Hm y if for all 
(w,H), w,H m ọ. Finally, we say yọ is valid in the communication 
graph frame £F if ọ is valid in all models based on F. 

There are two notions of validity relevant for our study. The first is 
relative to a fixed communication graph. Let G be a fixed communication 
graph. We say that a formula Y € L(g) is G-valid provided ¢ is valid in all 
communication graph frames F based on G. A formula y € Lx g) is valid 
if y is G-valid for all communication graphs G. Of course validity implies 
G-validity, but not vice versa. We write Fg ọ if y is G-valid and = y if y 
is valid. 

Some comments are in order concerning the above definition of truth. L 
is defined in terms of the knowledge operator, and the knowledge operator 
uses L in its definition. This definition is of course fine since the definition 
uses recursion on the length of the formula. Still, it is not clear that the 
process of determining whether a history is legal will terminate in a finite 
amount of time. For whether or not the history-state pair (w, H; (i, j, y)) 
is legal depends on whether (w, H) satisfies Kj; which, in turn, depends 
on a set of histories which may be longer than H. We now show that the 
process of determining whether a history is legal will terminate. 

We first need some notation. A one-step compression of H is a history 
H’ which is obtained by deleting one second or subsequent occurrences of 
an event (i, j, p) from H. L.e., if (i, j, p) has occurred twice, then eliminate 
some later occurrence. Let c(H) denote the maximally compressed history. 
The history c( H) is generated by including each (i, j, p) event of H exactly 
once according to the following order on events: e comes before e’ iff the 
first occurrence of e in H came before the first occurrence of e’ in H. The 
key observation is that the legality of a history-state pair (w, H) depends 
only on the legality of the pair (w,c(H)). 


Lemma 2.7. Let G be a communication graph, Ng a set of events and H 
be any history over Ug. Suppose that w is a state. Then 


e For all y, and all j, w, H =| Kj» iff w,c(H) H| Ky 
e (w, H) is legal iff (w,c(#)) is legal. 
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Proof. Clearly it is sufficient to prove the two conditions when c(#) is re- 
placed by an H’ obtained from H by the elimination of one extra event. 
Therefore we shall make this assumption in the rest of the proof. Thus 
H = H,eH eH; and H’ = HıeH2H3. Here e is some event (i, j, p). 

We show that (w, H), (w, H’) satisfy the same formulas 7. Clearly this 
is true if Y is atomic and the argument also goes through for boolean com- 
binations. 

Suppose 7 = 06 and w, H | w. Then there is H4 such that w, H; H4 
0. By induction hypothesis w, H’; H4 | @ (it is not hard to see that it is 
legal) and hence w, H’ | Ow. The converse is similar. 

Suppose 7) = K,0 and w, H H w where r Æ i. This case is easy as H, H’ 
are r-equivalent. 

What if we have r = i? w, H = K;90 iff for all v, H” such that (v, H”) ~i 
(w, H), v, H” = 0. But since e has already occurred in both H, H’, the 
possible v in question are the same for both. The H” will have two e events 
and eliminating the second e will yield an H” such that v, H” = 0 iff 
w, H” = @. Thus the case r = i also works. 

The proof that compression preserves legality or illegality is now imme- 
diate for it depends on some knowledge formulas being true. But that issue 
is not affected by the elimination of extra events e. Q.E.D. 


With Lemma 2.7 we can show that the process of determining if a state- 
history pair (w, H) is legal terminates. More formally, 


Proposition 2.8. Let M = (G, At, 0) be a communication graph model. 
For any H € XG and state w, the question “Does (w, H) = L?” terminates 
in a finite amount of time. 


Proof. This is now immediate by the previous lemma. When asking whether 
w, H = Kiy we need to look at pairs (v, H’) which are i-equivalent to w, H. 
But now we can confine ourselves to H’ is which no (r, j, y) event with r 4 i 
occurs twice, and these are bounded in length. Q.E.D. 


2.2 Some results 


We now state the basic results about the logic of communication graphs. 

We already defined c(H) earlier. We say that two histories are c-equiv- 
alent, written C(H, H’), if c(H) = c(H’). Clearly H, H’ have the same 
semantic properties as c(H) = c(H’) and hence as each other. Moreover, 
one is legal iff the other is legal. It follows also that for every Hı, H; Hy is 
legal iff H’; Hı is. Thus C is a bisimulation. 

In the following, a history H is called w-maximal if (w, H) is legal and 
all possible (finitely many) communication events have taken place at least 
once. An interesting consequence of the above lemma is the existence of a 
maximal history (relative to some w). 
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Theorem 2.9. 


1. Ifa formula y is satisfiable in some graph model (G, At) then it is sat- 
isfiable in a history in which no communication (i,j, p) occurs twice. 


2. If H is w-maximal, then for all formulas y € Leg), F Y > Oy. 


3. If H is w-maximal and H’ is any history compatible with w such that 
H = H’, then for all formulas Y € Lyxg), if w, H” = ọ then w, H E ¢. 


4. If H and H’ are w-maximal, then for each formula yp € Leg), w, H = 
vy if w, H' E ọ. 


Proof. The first three parts follow from Lemma 2.7. We shall prove the 
last statement: for any state w, if H and H’ are w-maximal histories, then 
(w, H) and (w, H’) satisfy the same formulas. The proof is by induction on 
p. 

The base case and boolean connectives are straightforward. Suppose 
that y is of the form Ow. Let w be an arbitrary state and suppose that H 
and H’ are w-maximal histories. Suppose that (w, H) = Ow. Then there 
is some H” such that H < H”, (w, H”) is legal and (w, H”) — y. By part 
3 above, w, H = w and by the induction hypothesis, w, H” = w. Hence, 
w, H’ — Ow. Thus if w, H — Ow then w, H’ — Ow. The other direction is 


similar. 


For the knowledge case we need the following claim: 


Claim 2.10. Let w be a state. Suppose Hı and Hə are w-maximal and 
(v, H3) is legal. If (w, Hi) ~; (v, H3), then there is a history H4 which is 
v-maximal such that (w, H2) ~; (v, H4). 


Proof of Claim. Let w be a state and suppose that Hı and H2 are w- 
maximal histories and (v,H3) is a legal history-state pair such that 
(w, Hı) ~; (v, H3). Then v and w must agree on every atom which is 
not only known to 2, but also on every atom known to some other agent 
whom 7 can read directly or indirectly. For at maximality, i already knows 
the truth values of all the sets At; where j is directly or indirectly acces- 
sible from i. Thus we can find a legal history-state pair (v, Hi) such that 
(w, H2) ~; (v,H4). It is not hard to see that H} can be extended to a 
v-maximal history. Q.E.D. (Claim 2.10) 


Returning to the induction proof. Suppose that y is of the form K;y, 
w is an arbitrary state, and H and H’ are w-maximal histories. Suppose 
that (w, H) | K,w and (w, H’) j Kip. Then there is a history state pair 
(v, H”) such that (w, H’) ~; (v, H”), (v, H”) is legal and v, H” 4 w. Note 
that without loss of generality we can assume that H” is v-maximal (every 
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legal history-state pair can be extended to a maximal history, furthermore 
this extension cannot differ on the truth value of y since H” already contains 
all events of the form (i, j, x)). By the above claim (let Hı = H’, Hə = H 
and H3 = H”), there is a v-maximal history H” with (w, H) ~; (v, H”). 
By the induction hypothesis, (v, H”) and (v, H”) satisfy the same are 
Hence (w, H) ~; (v, H’”) and v, H” Æ wv. This contradicts the assumption 
that w, H = Ky. Hence, for any w-maximal histories H and H’, w, H = 
Kyw iff Ww, H’ F= Kw. Q.E.D. 


This result immediately gives us a decision procedure as we can limit the 
length of the history which might satisfy some given formula ¢. 

Notice that if we restrict our attention to maximal histories, then the 
following property will be satisfied: for any two agents i and j, if there is a 
path in the communication graph from 7 to j, then any ground fact that j 
knows, ¿į will also know. In this case, we can say that j dominates i. This 
is Fitting’s “dominance” relation discussed in Section 3. 

The following simple result demonstrates that given any sequence of 
communications H, the agents know at least the set of formulas that are 
implied by the set of formulas in H. That is, given a legal pair (w, H), let 
X;(w, H) be the set of states that agent i considers possible if the actual 
state is w and the communication between the agents evolved according to 
H. Given a formula y € Lo(At), let G@ = {w | w € W, w(y) = 1}. Now we 
formally define X;(w, H) recursively as follows 


1. Xi(w,e) = {v | vfAt; = w[At;} 
2. Xi(w, H; (i,9,9)) = Xi(w, H) N ĝ 
3. if i Am then X;(w, H; (m, j, p)) = Xi(w, H) 


The following theorem shows that agents know at least the formulas 
implied by the set X;(w,H). The proof can be found in [PagPa505] and 
will not be repeated here. 


Theorem 2.11. Let M = (G, At, 0) be any communication graph model 
and y a ground formula. If X;(w, H) C ¢, then (w, H) =m Ki(y). 


As we saw above, the converse is not true. That is, there are formulas that 
an agent can come to know which are not implied by the set X;(w, H). 
These are the formulas that agents can deduce given their knowledge of the 
communication graph. 

The following axioms and rules are known to be sound and complete with 
respect to the family of all subset spaces [Mo3Pa592]. Thus they represent 
the core set of axioms and rules for any topologic (see [PasMo3St,407] for 
the current state of affairs). 
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1. All propositional tautologies 


2. (p > Op) A (=p > Dp), for p € At 
(Y > y) > (Oy > OY) 


BEE. 


3 

4 

5. Up > OUy 

6. Ki(y > Y) > (Kip > Ki) 
T 

8 

9 


. Kig- 


10. (Cross axiom) K;Oọ —> OK;y 


We include the following rules: modus ponens, K; necessitation and O ne- 
cessitation. It is easy to verify that the above axioms and rules are valid, i.e., 
valid in all frames based on any communication graphs. We only demon- 
strate that the cross axiom K;Oọy — OK;ọ is valid. It is easier to consider 
it in its contrapositive form: OLiy — L;y. This is interpreted as follows: 
if there is a sequence of updates that lead agent i to consider y possible, 
then 7 already thinks it possible that there is a sequence of updates after 
which y becomes true. 


Proposition 2.12. The axiom scheme OL;y — L;ĝọy is valid. 


Proof. Let G be an arbitrary communication graph and M = (G, At, #) any 
communication graph model based on G. Suppose that (w, H) is a legal 
state-history pair. Suppose that w, H = OL;y. Then there exists H’ with 
H < H’ such that w, H’ = Liy. Hence there is a pair (v, H”) such that 
(w, H') ~; (v, H”) and v, H” |m y. Let H” be any sequence such that 
ài(H) = (4) and H” < H”. Such a history must exist since H < H’ 
and H’ ~; H”. Since H < H', M(H) < ài(H') = ;(H"”). Therefore, 
we need only let H” be any initial segment of H” containing \;(H). By 
definition of L, all initial sequences of a legal history are legal. Therefore, 
since v, H” Ey y, v, H” — Oy; and since H ~; A”, w, H =m Lidy. 

Q.E.D. 


The next lemma follows from the existence of maximal histories. 


Lemma 2.13. The axiom Oy -> OL is valid. 
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Proof. Let G be an arbitrary communication graph, M = (G, At, D) any 
communication graph model based on G and (w, H) a legal history-state 
pair. Suppose that w, H Hm OOy. Let H’ be a w-maximal history 
extending H, then w, H’ Hm Ow and hence there is a history H” such 
that H’ < H” and w, H” Hm y. Since H’ is maximal, by Theorem 2.9 
w, H’ — ọ. By Theorem 2.9 again, w, H’ = Oy. Hence w, H | Oy. 
Conversely, suppose that w, H Hm Og. Then there is a history H’ 
such that H < H’ and w, H’ Hm Oy. Let H’, be a w-maximal history that 
extends H’. Then w, H}, Em y. Let H” be any history that extends H 
and H”, be a w-maximal history that extends H”. By Theorem 2.9, since 
w, H}, =m p, w, Hl En vy. Hence w, H” Eu Oy and hence w, H Hm 
Oy. Q.E.D. 


If we fix a communication graph, then there are more formulas which are 
valid. 


Lemma 2.14. Let G = (A, E) be a communication graph. Then for each 
(i,j) € E, for all £ € A such that / 47% and £ Æ j and all ground formulas 
p, the scheme 

Kp A 7Key > (Kip A 7Key) 


is G-valid. 


Proof. Let G be an arbitrary communication graph and M a communication 
graph model based on G. Suppose that w, H Fm K;y A 7Key. Then j 
knows y and hence 7 can read ¢ directly from j’s website. More formally, 
H;(i,j,~) is a legal history (provided that H is legal). The agent £ is 
none the wiser as A¢(H) = Ae(H; (i,j, ~)). Therefore, w, H; (i, j, p) Em 
Kip A 7AKey. Q.E.D. 


The converse is not quite true. For suppose that agent i is connected 
to agent j via (exactly) two other agents 1,2. Then a fact known to j 
can be learned by i without ¢; finding out about it, ditto for £2 and for any 
agent beside £1, l2. However, in this scenario, it is impossible for i to find 
out some y from j unless ¢; and 2 jointly know y. 


3 Related literature 


Communication graphs, or communication networks, and more generally 
social networks? have been studied by a number of different communities. 
Most notably, social networks are an important topic in sociology. But 
computer scientists have also had quite a lot to say about networks. The 


3 A social network is a graph on a set of agents where edges represent some social 
interaction such as acquaintances, coauthors on a mathematical paper, costars in a 
movie, and so on. 
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goal of this section is not to survey this vast amount of literature, but rather 
to give some details about a few papers most relevant to the framework 
discussed in Sections 1 and 2. Needless to say, this list of topics is not 
meant to be complete. 


Coordination problems 


Suppose there are two generals A and B with armies at the top of two moun- 
tains with a valley in between them. As the story goes, the generals attempt 
to coordinate their action by sending messages back and forth. However, 
since the communication channel is unreliable (the messengers must travel 
through dangerous territory), common knowledge of the time to attack can- 
not be achieved. This puzzle, called the generals problem, has been topic 
of much discussion. See [Fa+95] for a formal treatment and discussion of 
relevant literature and [Le269] for a discussion of common knowledge as it 
relates to coordination problems. Of course, if there was a reliable commu- 
nication channel between the two generals, then they could easily coordinate 
their actions. Thus the existence of a communication graph (in this case 
just an edge between the two generals) facilitates coordination. This raises 
some interesting questions about the structure of the communication graph 
on a group of agents and its affect on coordination. 

In [Ch400, Ch499], Michael Chwe investigates the general question of 
when the structure of the communication graph can facilitate coordination 
among a group of agents. Chwe considers the following situation. There is 
a finite set of agents A. Each agent must decide whether or not to revolt 
against the current government. That is, assume that agents choose between 
r (revolt) and s (stay at home). The agents are assumed to use the following 
decision rule: “I'll go if you go”. That is, for a particular agent i, the greater 
the number of agents 7 believes will choose r, the higher the utility 7 assigns 
to r, provided agent i is willing to revolt. More formally, it is assumed 
that each agent is either willing to revolt (w) or not willing to revolt (nw). 
Then a utility function for agent i maps elements of {w,nw} x {r,s}” to 
real numbers with the constraint that if an agent is not willing to revolt, 
then the utility of revolting is zero regardless the opinions of it’s neighbors. 
It is assumed that the agents are connected by a communication graph 
G = (A, E). Here (i,j) € E is intended to mean “agent i talks to agent 
j”. That is ¿i informs j as to whether or not he will revolt. Thus the set 
B; = {j | (j,i) € E} is the set of agents for which i knows which action 
they will perform. Finally, it is assumed that the communication graph is 
common knowledge and that each agent has a prior belieft about which 
agents will revolt. 


4 Beliefs are represented by probability functions over the set {r,s}”. 
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Chwe considers the question “which communication graphs enable the 
group to revolt?” To that end, a strategic game ['(G, {7}ie,) is defined, 
where 7; is agent it’s prior beliefs. In this game, an agent i’s decision to 
revolt depends on its prior beliefs m; and the set B; of agents that i has 
communicated with. Of course if agent it’s prior belief assigns high enough 
probability to a large enough group of agents revolting, then that agent will 
revolt regardless of the communication graph. Thus the interesting question 
is which communication graph will enable the group to revolt regardless 
of the agents’ prior probabilities. Chwe calls such communication graphs a 
sufficient network. 

The main result of the paper [Ch400] is a characterization of minimal 
sufficient networks. First of all, it should be obvious that if a communication 
graphs G enables a group to revolt, then so will any communication graph 
G’ which is just like G except with additional edges (it is straightforward to 
prove this in Chwe’s framework). Chwe showed that any sufficient network 
has the following property: there is a finite set of cliques such that 


1. Each agent is in at least one clique, 


2. there is a relation — between the cliques that characterizes the edge 
relation in the graph. That is there is an edge from i to j iff there is 
some clique containing 2 and some clique containing 7 that are related 
by —, and 


3. the cliques are totally ordered by —. 


This result provides an interesting perspective on collective action. The 
communication graph facilitates the group’s ability to share information and 
thus enabling group action. The logic presented in Section 2 is intended to 
make clear precisely how an agent’s information can change in situations 
similar to the one described above. 


Agreeing to disagree 

In 1976, Aumann proved a fascinating result [Au76]. Suppose that two 
agents have the same prior probability and update their probabilities of 
an event Æ with some private information using Bayes’ rule. Then Au- 
mann showed that if the posterior probability of Æ is common knowledge, 
then they must assign the same posterior probability to the event Æ. In 
other words, if agents have the same prior probability and update using 
Bayes’ rule, then the agents cannot “agree to disagree” about their poste- 
rior probabilities. See [BooNe97] for a nice discussion of this result and the 
literature that it generated. An immediate question that comes to mind is 
“How do the posterior probabilities become common knowledge?” Starting 
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with Geanakoplos and Polemarchakis [GeoPo0 82], a number of papers have 
addressed this issue [Ca583, Ba185, PasKro90, Kro96, Heo 96}. 

The key idea is that common knowledge arises through communication. 
Suppose there are two agents who agree on a prior probability function. 
Suppose that each agent receives some private information concerning an 
event E and updates their probability function accordingly. Geanakop- 
los and Polemarchakis [GepPo 182] show that if the agents each announce 
their posterior probabilities and update with this new information, then the 
probabilities will eventually become common knowledge and the probabili- 
ties will be equal. Similar to Chwe’s analysis described above, the existence 
of a communication graph (with an edge between the two agents) enables 
consensus about the posterior probabilities. 

Parikh and Krasucki [PasKro90] look at the general situation where there 
may be more than two agents” and communication is restricted by a com- 
munication graph. They show that under certain assumptions about the 
communication graph, consensus can be reached even though the posterior 
probabilities of the agents may not be common knowledge®. Before stating 
their result, some clarification is needed. Note that a communication graph 
tells us which agent can communicate with which agent, but not when two 
agents do communicate. To represent this information, Parikh and Kra- 
sucki introduce the notion of a protocol. A protocol is a pair of functions 
(r,s) where r : N > A and s : N — A. Intuitively, (r(t), s(t)) means that 
r(t) receives a message from s(t) at time t. Say a protocol (r,s) respects 
a communication graph G = (A, E) if for each t € N, (r(t), s(t)) € E. A 
protocol is said to be fair provided every agent can send a message to any 
other agent, either directly or indirectly, infinitely often”. Parikh and Kra- 
sucki show that if the agents are assumed to have finitely many information 
sets, then for any protocol if the agents sends the current probability (con- 
ditioned on the agent’s current information set) of proposition A, then after 
a finite amount of time t for each agent 7, the messages received after time t 
will not change 2’s information set. Furthermore, if the protocol is assumed 


5 Cave [Cas83] also considers more than two agents, but assumes all communications 
are public announcements. 

This point was formally clarified by Heifetz in [He096]. He demonstrates how to enrich 
the underlying partition space with time stamps in order to formalize precisely when 
events become common knowledge. 

Consult [Pas Kro90] for a formal definition of “fairness”. 

Actually, Parikh and Krasucki consider a more general setting. They assume agents 
communicate the value of some function f that maps events to real numbers. Intu- 
itively, f could be thought of as the expected value of a random variable given some 
information set. The only condition imposed on f is a convexity condition: for any 
two disjoint close subsets X and Y, f(X UY) lies in the open interval between f(X) 
and f(Y). Here closed is defined with respect to the agents’ information sets. This 
generalizes a condition imposed by Cave [Cas583] and Bacharach [Ba 85]. 


6 


con 
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to be fair (i.e., the communication graph is strongly connected) then all 
the agents will eventually assign the same probability to A. Krasucki takes 
the analysis further in [Kro96] and provides conditions on the protocol (and 
implicitly on the underlying communication graph) which will guarantee 
consensus regardless of the agents’ initial information. 

Similar to Chwe’s analysis, Parikh and Krasucki’s analysis shows that 
the structure of the communication graph is a key aspect of consensus in 
a group. We end this section with a different interpretation of a commu- 
nication graph that provides a very interesting perspective on many-valued 
modal logic. 


Many-valued modal logic 


In [Fig91a, Fi291b], Fitting discusses various families of many-valued modal 
logics. In these frameworks, Fitting assumes that both the valuation of the 
formulas and the accessibility relation are many-valued. The frameworks 
are motivated in [Fi291b] with the help of a structure similar to a com- 
munication graph. As in this paper, it is assumed that there is a graph 
with the set of agents as nodes. However, Fitting interprets an edge in 
this graph differently: “i is related to j” means that i dominates j, where 
‘dominate’ means that “j says that something is true whenever i says it is”. 
It is assumed that this relation is a partial order. Each agent is assumed to 
have its own valuation and accessibility relation on a set of possible worlds. 
Fitting is interested in which modal formulas the agents will agree on in a 
particular world. Two semantics are presented that solve this problem. 
Deciding which agents agree on a particular formula in a common lan- 
guage naturally suggests a many-valued modal logic where formulas are 
assigned subsets of agents (i.e., the subsets of the agents are the set of truth 
values in this many-valued setting). Suppose that y is assigned the set 
BC Aina state w, then the intended interpretation is that each agent in 
B agrees on the truth value of y in w. The domination relation outlaws 
certain subsets of agents as truth values. For example, if i dominates j, 
then {i} cannot be a possible truth value since j is assumed to always agree 
with 7 on the set of true formulas. The domination relation also provides an 
intuitionistic flavor to the underlying logic. For example, consider the for- 
mula ~y and suppose 7 dominates j. Now it is consistent with the notion of 
domination that i can consider ọ false and j considers ọ true. In this case, 
if we interpret ~ classically, then 7 considers ~y true while j considers ~y 
false, which contradicts the fact that i dominates j. Thus, we are forced to 
say that i considers ~g true if i and all agents that i dominates consider that 
y is false. Fitting offers two semantics which take these observations into 
account. One is a combination of Kripke intuitionistic models and Kripke 
multi-modal models and the second is a many-valued Kripke modal model. 
The two semantics are shown to be equivalent and a sound and complete 
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axiomatization is offered. 

Rasiowa and Marek offer a similar interpretation of a communication 
graph [RasMas589, RasMas593]. In their framework an edge from i to j 
means that “j is more perceptive than 7”. If this is the case, then j’s 
valuation of a proposition p is “better than” 7’s valuation of that same 
variable. Rasiowa and Marek provide a framework to reason about formulas 
on which there is consensus among the agents. The framework discussed in 
the rest of this paper can be seen as an attempt to explain how an agent i 
can come to dominate another agent j. That is, assuming the agents start 
with consistent (partial) theories, i can dominate j if there is a (possibly 
indirect) communication channel from 7 to j and j asks ¿i about the truth 
value of all formulas in the language. 


Dynamic epistemic semantics 


The study of Dynamic Epistemic Logic attempts to combine ideas from dy- 
namic logics of actions and epistemic logic. The main idea is to start with 
a formal model that represents the uncertainty of an agent in a social situ- 
ation. Then we can define an ‘epistemic update’ operation that represents 
the effect of a communicatory action, such as a public announcement, on the 
original model. For example, publicly announcing a true formula y, converts 
the current model to a submodel in which ¢ is true at each state. Starting 
with [Pl)07] and more recently [BasMo304, Ko403, vD00, Ge299a, vB06], 
logical systems have been developed with the intent to capture the dynam- 
ics of information in a social situation. Chapter 4 of Kooi’s dissertation 
[K0403] and the recent book [vDvHKo,07] contain a thorough discussion of 
the current state of affairs. 

These logics use PDL style operators to represent an epistemic update. 
For example, if !y is intended to mean a public announcement of y, then 
(!y)K;w is intended to mean that after p is publicly announced, agent i 
knows w. From this point of view, our communication modality 4 can be 
understood as existentially quantifying over a sequence of private epistemic 
updates. However, there are some important differences between the se- 
mantics presented in this paper and the semantics found in the dynamic 
epistemic logic literature. First of all, in our semantics, communication is 
limited by the communication graph. Secondly, we do not consider general 
epistemic updates as is common in the literature, but rather study a specific 
type of epistemic update and its connection with a communication graph. 
Most important is the fact that the history of communications plays a key 
role in the definition of knowledge in this paper. The general approach of 
dynamic epistemic semantics is to define update operations mapping Kripke 
structures to other Kripke structures intended to represent the effect of an 
epistemic update on the first Kripke structure. For example, a public an- 
nouncement of y selects the submodel of a Kripke structure in which ọ is 
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true at every state. The definition of knowledge after an epistemic update is 
the usual definition, i.e., y is known by 7 at state w if ọ is true in all states 
that i considers possible from state w in the updated Kripke structure. 
Floris Roelofsen introduces communication graphs to the dynamic epis- 
temic logic setting in [Ro 905]. The framework is more general than the one 
presented in this paper in three respects. First, the communication graph is 
a relation on the collection of subsets of A, where an edge between 6, C A 
and B2 C A means that group Bı can communicate with group Bj. Thus 
a communication event in this framework is a tuple (81, Bz, p) intended to 
mean that group 8B; sends a message whose content is y to group Bz; and 
a precondition for an event (81, B2, p) to take place is that y is common 
knowledge among group B,.° Second, there is no assumption that messages 
between groups be restricted to ground formulas. Finally, Roelofsen does 
not assume that the communication graph is common knowledge. There- 
fore, there may be messages that can “update” the agent’s view of the 
communication graph. So, should our models be viewed as an interesting 
special case of these more general model? The answer to this question is 
not straightforward as the history of communication plays a crucial role in 
the semantics presented in this paper. A full comparison between these two 
approaches can be found in [Ho706] (cf. [vBPao06, vBGe2Pao07] for a com- 
parison between history based semantics and dynamic epistemic semantics). 


4 Conclusions 


In this paper we have introduced a logic of knowledge and communication. 
Communication among agents is restricted by a communication graph, and 
idealized in the sense that the agents are unaware when their knowledge 
base is being accessed. We have shown that the communication graph is 
characterized by the validities of formulas in models based on that commu- 
nication graph, and that our logic is decidable. 

We are now moving on to discuss future work. Standard questions such 
as finding an elegant complete axiomatization will be studied. The seman- 
tics described in Section 2 rests on some strong underlying assumptions. 
Below we briefly sketch how to remove some of these assumptions. 


One-way communication 


As discussed in the introduction, an edge from i to j means that i can 
read 7’s website without j knowing that its website is being read. Thus 
a communication event (i,j, p) only changes is knowledge. This can be 
formally verified by noting that if H and H;(i,j,y) are w-legal histories, 
then by the definition of the A; function, \;(H) = \;(H; (2,7, )). Thus 


9 We could of course consider other cases where some members of B1 communicate with 
some members of Bo. 
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(w,H) ~; (v, H’) iff (w, H; (i, j,p)) ~; (v, H') and so j’s knowledge is 
unchanged by the presence of the event (i, j, p). We can model conscious 
communication by changing the definition of the local view function. Define 
the A; as follows: given a history H, let A¥(H) map events of the form 
(i, 9, p) and (j,i, yp) to themselves and all other events in which 7 does not 
occur in the first two components to the null event. 


Starting with theories 


Another natural extension is to consider situations in which agents have 
a preference over which information they will read from another agent’s 
website. Thus for example, if one hears that an English Ph.D. student and 
his adviser recently had a meeting, then one is justified in assuming that they 
probably did not discuss the existence of non-recursive sets, even though 
the adviser may conceivably know this fact. Given that this preference over 
the formulas under discussion among different groups of agents is common 
knowledge, each agent can regard some (legal) histories as being more or 
less likely than other (legal) histories. From this ordering over histories, 
we can define a defeasible knowledge operator for each agent. The operator 
is defeasible in the sense that agents may be wrong, i.e., it is after all 
possible that the English student and his adviser actually spent the meeting 
discussing the fact that there must be a non-recursive set. 
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Abstract 


In this survey we analyze and compare various sufficient epistemic 
conditions for backward induction that have been proposed in the 
literature. To this purpose we present a simple epistemic base model 
for games with perfect information, and express the conditions of the 
different models in terms of our base model. This will enable us to 
explictly analyze the differences and similarities between the various 
sufficient conditions for backward induction. 


1 Introduction 


Backward induction constitutes one of the oldest concepts in game theory. 
Its algorithmic definition, which goes back at least to [Ze13], seems so nat- 
ural at first sight that one might be tempted to argue that every player 
“should” reason in accordance with backward induction in every game with 
perfect information. However, on a decision theoretic level the concept is 
no longer as uncontroversial as it may seem. The problem is that the back- 
ward induction algorithm, when applied from a certain decision node on, 
completely ignores the history that has led to this decision node, as it works 
from the terminal nodes towards this decision node. At the same time, the 
beliefs that the player at this decision node has about his opponents’ fu- 
ture behavior may well be affected by the history he has observed so far. 
For instance, a player who observes that an opponent has not chosen in 
accordance with backward induction in the past may have a valid reason 
to believe that this same opponent will continue this pattern in the game 
that lies ahead. However, such belief revision policies are likely to induce 
choices that contradict backward induction. We therefore need to impose 
some non-trivial conditions on the players’ belief revision policies in order 
to arrive at backward induction. 

During the last decade or so, the game-theoretic literature has provided 
us with various epistemic models for dynamic games in which sufficient 
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epistemic conditions for backward induction have been formulated. The 
objective of this survey is to discuss these conditions individually, and to 
explicitly compare the different conditions with each other. The latter task 
is particularly difficult since the literature exhibits a large variety of epis- 
temic models, each with its own language, assumptions and epistemic oper- 
ators. Some models are syntactic while others are semantic, and among the 
semantic models some are based on the notion of states of the world while 
others use types instead. As to the epistemic operators, some models apply 
knowledge operators while others use belief operators, and there is also a 
difference with respect to the “timing” of these operators. Are players en- 
titled to revise their knowledge or belief during the course of the game, and 
if so, at which instances can they do so? Different models provide different 
answers to these, and other, questions. 

As to overcome these problems we present in Section 2 an epistemic base 
model, which will be used as a reference model throughout this overview. 
In Section 3 we then provide for each of the papers to be discussed a brief 
description of the model, followed by an attempt to formulate its epistemic 
conditions for backward induction in terms of our base model. By doing 
so we formulate all sufficient conditions for backward induction in the same 
base model, which makes it possible to explicitly analyze the differences and 
similarities between the various conditions. 

Finally, a word about the limitations of this paper. In this survey, we 
restrict attention to epistemic conditions that lead to the backward induc- 
tion strategies for all players. There are alternative models that lead to the 
backward induction outcome, but not necessarily to the backward induc- 
tion strategy for each player. For instance, [Ba7Si,02] and [Br)Fr2Ke,04] 
provide epistemic models for extensive form rationalizability [Peo84, Ba797| 
and iterated maximal elimination of weakly dominated strategies, respec- 
tively, which always lead to the backward induction outcome in every generic 
game with perfect information, but not necessarily to the backward in- 
duction strategy profile. We also focus exclusively on sufficient conditions 
that apply to all generic games with perfect information. There are other 
interesting papers that deal with the logic of backward induction in spe- 
cific classes of games, such as Rosenthals’s centipede game [Ro381] and 
the finitely repeated prisoner’s dilemma. See, among others, [Bi,87, St196, 
Au98, Rao98, Br3Rao99, Ca200, Pr00]. We shall, however, not discuss these 
papers here. Even with the limitations outlined above, we do not claim to 
offer an exhaustive list of epistemic models for backward induction. We do 
believe, however, that the list of models treated here will give the reader a 
good impression of the various epistemic conditions for backward induction 
that exist in the literature. 
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2 An epistemic base model 
2.1 Games with perfect information 


A dynamic game is said to be with perfect information if every player, 
at each instance of the game, observes the opponents’ moves that have 
been made until then. Formally, an extensive form structure S with perfect 
information consists of the following ingredients: 


e First, there is a rooted, directed tree T = (X, E), where X is a finite set 
of nodes, and E C X x X is a finite set of directed edges. The nodes 
represent the different situations that may occur during the game, and 
the edges (x, y) represent moves by players that carry the game from 
situation x to situation y. The root 7 E€ X marks the beginning of 
the game. For every two nodes x,y € X, there is at most one path 
((@1, Y1), (£2, Y2),---;(@n, Yn)) in E from z to y with z1 = T, Yn = Y, 
and yk = £k+1 for every k € {1,...,n — 1}. We say that x precedes y 
(or, y follows x) if there is a path from x to y. Since xo is the root, 
there is for every x E€ X\{xo} a path from x to x. A node x € X 
is called a terminal node if it is not followed by any other node in 
X. The set of terminal nodes is denoted Z, and represents the set of 
possible outcomes for the game. 


e There is a finite set I of players, and a move function m : X\Z — I 
which specifies for every non-terminal node z the player m(x) € I who 
has to move at x. For every player i, the set of nodes 


H; := {x € X\Z | m(x) = i} 


is called the set of information sets! for player i. Since every infor- 
mation set h; € H; corresponds to a single node it is assumed that 
a player, whenever it is his turn to move, knows exactly which node 
in the game tree has been reached. That is, the game has perfect in- 
formation. The root xo is identified with the information set ho, and 
by H; := H; U {ho} we denote the set of player i information sets, 
together with the beginning of the game. By H = LU, Hi we denote 
the set of all information sets. 


ier 


e For every player i and information set h; € H;, the set of edges 
A(hi) = {(hi,y) | y E X, (hiy) € E} 


is called the set of actions, or moves, available at hi. By 
A = Uep A(h) we denote the set of all actions. 


1 Note that in our restricted setting an information set consists of a single node. We 
could therefore also have used the term “non-terminal node” instead of “information 
set”. In particular, the collection of all information sets coincides with the set of all 
non-terminal nodes. 
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We now turn to the definition of a strategy. Intuitively, a strategy for 
player i is a plan that describes what player i would do in every possible 
situation in the game where it is his turn to move. The formal definition of 
a strategy we shall employ coincides with the concept of a plan of action, 
as discussed in [Ru,91]. The difference with the usual definition is that we 
require a strategy only to prescribe an action at those information sets that 
the same strategy does not avoid. Formally, let H; C H; be a collection of 
player i information sets, not necessarily containing all information sets, and 
let s; : H; — A be a mapping prescribing at every h; € Ñ; some available 
action s;(h;) E€ A(h;). For a given information set h € H, not necessarily 
belonging to player i, we say that s; avoids h if on the path 


((1,y1); ae (In, Yn)) 


from ho to h there is some node x, in H; with si(£k) Æ (£k, YR). That 
is, the prescribed action s;(z,) deviates from this path. Such a mapping 
si : H; > A is called a strategy for player i if H,; is exactly the collection of 
player i information sets not avoided by s;. Obviously, every strategy s; can 
be obtained by first prescribing an action at all player ¿i information sets, 
that is, constructing a strategy in the classical sense, and then deleting from 
its domain those player i information sets that are avoided by it. For a given 
strategy s; E€ Si, we denote by H;(s;) the collection of player i information 
sets that are not avoided by s,;. Let S; be the set of player i strategies. For 
a given information set h € H and player i, we denote by S;(h) the set of 
player i strategies that do not avoid h. Then, it is clear that a profile (s;);e7 
of strategies reaches an information set h if and only if s; € S;(h) for all 
players i. 


2.2 Preferences, beliefs and types 


The basic assumption in our base model is that every player has a strict? 
preference relation over the terminal nodes, and holds at each of his in- 
formation sets a conditional belief about the opponents’ strategy choices 
and preference relations. In particular, we allow for the fact that players 
may revise their beliefs about the opponents’ preferences as the game pro- 
ceeds. In order to keep our model as “weak” as possible, we assume that 
this conditional belief can be expressed by a set of opponents’ strategies 
and preference relations. This set represents the strategies and preference 
relations that the player deems possible at his information set. We thus do 
not consider probabilities, and it is therefore sufficient to specify the play- 
ers’ ordinal preferences over terminal nodes. Not only does a player hold 
first-order conditional beliefs about the opponents’ choices and preferences, 


2 In the literature, it is not always assumed that players hold strict preferences over 
terminal nodes. We do so here for the sake of simplicity. 
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he also holds second-order conditional beliefs about the opponents’ possible 
first-order beliefs at each of his information sets. A second-order belief may 
thus contain expressions of the form “player 7 considers it possible at infor- 
mation set h; that player j considers it possible at information set h; that 
player k chooses strategy są and has preference relation P”. Recursively, 
one may define higher-order conditional beliefs for the players. A possible 
way to represent such hierarchies of conditional beliefs is by means of the 
following model. 


Definition 2.1 (Epistemic base model). Let S be an extensive form struc- 
ture with perfect information. An epistemic base model for S is a tuple 


M = (T;, P;, Bi)ier 
where 
(1) T; is a set of types for player i; 


(2) P; is a function that assigns to every t; € T; some complete, strict and 
transitive preference relation P;(t;) over the terminal nodes; 


(3) Bi is a function that assigns to every t; € T; and every information 
set h; € Hj some subset Bj(ti, hi) © [],4;(9; (hi) x Tj). 


Here, B;(t;, hi) denotes the set of opponents’ strategy-type pairs which t; 
deems possible at h;. We denote by B;(t;, h;|S_;) the projection of B;(t;, hi) 
on Ijz S;(hi). That is, Bi(ti, hi|S—:) is t;’s belief at h; about the oppo- 
nents’ strategy choices. For any player j # i, we denote by Bij (ti, hi) the 
projection of B;(t;,h;) on the set S; (hi) x Tj. Hence, B;;(t;, hi) is t;’s belief 
at hi about player 7’s strategy-type pair. 

From an epistemic base model, conditional beliefs of any order can be 
derived. For instance, type t;’s belief at h; about player j’s choice is given by 
the projection of Bij (ti, hi) on Sj. Let Bj;(ti, hi|S;) denote this projection, 
and let B,;(ti,hi|T;) denote its projection on Tj. Then, type t,’s belief at 
hi about player j’s belief at hj about player ¢’s choice is given by 


U Bye(tj, hj|Se). 


tj € Bij (ti hil Ty) 
In a similar fashion, higher-order beliefs can be derived. 


2.3 Common belief 

Let M = (T;, Pi, Bi)ier be an epistemic base model, and E C Ujer Tj a 
set of types, or event. We say that type t; believes in E at information set 
hi € H¥ if By, (ti, hi|T;) C E for all j # i. We say that t; initially believes 
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in E if t; believes in E at ho. Common belief in the event E is defined by 
the following recursive procedure: 


Bi (E) = {t; € T; | Bij(ti,hi|T;) C E for all j 47 and all h; € HŽ} 
for alli € I, and 
Bi**(B) = {ti € T; | Bij (ti, hilT}) C BF (E) for all j A i and all h; € HŽ} 
for all į € I and all k > 1. 


Definition 2.2 (Common belief). A type t; € T; is said to respect common 
belief in the event E if t; € E and t; € BẸ(E) for all k. 


Hence, t; respects common belief in F if t; belongs to FE, believes through- 
out the game that opponents’ types belong to E, believes throughout the 
game that opponents believe throughout the game that the other players’ 
types belong to E, and so on. In particular, if we say that t; respects 
common belief in E, this implies that t; itself should belong to E. So, for 
instance, if we say that t; respects common belief in the event that types 
never change their belief about the opponents’ preference relations during 
the game, this implies that t; itself never changes its belief about the op- 
ponents’ preference relations. We realize that this is perhaps linguistically 
not correct, but we do so for the sake of brevity. Otherwise, we should have 
to write, throughout this paper, that t; belongs to E, and respects common 
belief in E. 

In most other epistemic models in the literature, the term “common 
belief’ or “common knowledge” refers to the epistemic state of a group of 
players, rather than to the epistemic state of a single player, as we use it. 
That is, in most other models the expression “there is common belief in 
E” means that “all players believe that Æ holds, all players believe that 
all players believe that E holds, and so on.” The reason for me to use 
an “individualistic” version of common belief is that we want to impose 
conditions on the beliefs of one player only, and see when such individual 
conditions lead to backward induction reasoning by that player. So, we 
take a single-player perspective in this paper, and choose the version of 
common belief accordingly. We realize this is an unusual approach, but it 
is well-suited for the purposes we have in mind. 

Common initial belief in the event E is defined as follows: 


IB} (EZ) = {t; € T; | Bij (ti, ho|T;) C E for all j 4 i} 
for all i € I, and 
IBS*"(E) = {ti € T; | Bi (ti, ho|T;) C IBF(E) for all j 4 i} 
for alice Jandallk>1. 
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Definition 2.3 (Common initial belief). A type t; € T; is said to respect 
common initial belief in the event E if t; € E and t; € IB} (£) for all k. 


2.4 Belief in the opponents’ rationality 


All the epistemic foundations for backward induction to be discussed here 
make assumptions about the beliefs that players have about the rationality 
of their opponents. More precisely, all foundations require that players 
initially believe that each opponent chooses rationally at every information 
set. However, the various foundations differ as to how players would revise 
their beliefs upon observing that their initial belief about the opponents 
was incorrect. In order to express these different belief revision procedures 
in terms of our base model, we need the following definitions. 

We first define what it means that a strategy is rational for a type at a 
given information set. For an information set h; € H;, a strategy s; € S;(h;), 
and an opponents’ strategy profile s_; € [],4, Sj(hi), let z(si, s_i|hi) be the 
terminal node that would be reached from h; if (si, s_;) were to be executed 
by the players. 


Definition 2.4 (Rationality at an information set). A strategy s; is ra- 
tional for type t; at information set h; € H;(s;) if there is no s; € S;(h,) 
such that P,(t;) ranks z(s),s_;|hi) strictly over z(s;,s_;\h;) for all s_; € 


Hence, s; is rational for t; at h; is there is no other strategy s; € S;(h;) 
that strictly dominates s;, given the set of opponents’ strategies that t; 
deems possible at hi. 

We shall now define various restrictions on the beliefs that players have 
about the opponents’ rationality. We need one more definition to this pur- 
pose. For a given type t; € T;, information set h; € HŽ, and some oppo- 
nent’s information set h € H\H; following hi, we say t; believes h to be 
reached from h; if B,(ti, hi|S_;) C S_;(h). Here, S_;(h) is a short way to 
write [],4; 9;(h). 


Definition 2.5 (Belief in the opponents’ rationality). 


(1) Type t; believes at information set h; € H; that player j chooses 
rationally at information set hj € H; if for every (s;,t;) € Bi; (ti, hi) 
it is true that sj is rational for tj at hj. 


(2) Type t; initially believes in rationality at all information sets if t; 
believes at ho that every opponent j chooses rationally at all hj € Hj. 


(3) Type t; always believes in rationality at all future information sets if 
ti believes at every h; € H; that every opponent j chooses rationally 
at every hj E€ H; that follows hi. 
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(4) Type t; always believes in rationality at future information sets that 
are believed to be reached if t; believes at every h; € H* that every 
opponent j chooses rationally at all those hj € H; following h; which 
ti believes to be reached from h;i. 


(5) Type t; always believes in rationality at all future and parallel in- 
formation sets if t; believes at every h; € HŽ that every opponent j 
chooses rationally at every h; € H; that does not precede hj. 


(6) Type t; always believes in rationality at all information sets if t; be- 
lieves at every h; € H; that every opponent j chooses rationally at 
every hj € Hj. 


Condition (6) is the strongest possible condition that can be imposed, 
since it requires a player, under all circumstances, to maintain his belief 
that his opponents have chosen rationally in the past, will choose rationally 
at any stage in the future, and would have chosen rationally at all foregone 
(i.e., parallel) information sets. In particular, a player is assumed to in- 
terpret every observed past move as being part of an opponent’s strategy 
which is rational at all information sets. In other words, every past move is 
interpreted as a rational move. 

Condition (5) is a weakening of (6). In condition (5), a player need not 
interpret every observed past move as a rational move, since he is no longer 
required to believe in the opponents’ rationality at past information sets. 
That is, if a player observes an opponent’s move which surprises him, then he 
may believe that this move was due to a mistake by the opponent. However, 
condition (5) still requires the player to believe that this same opponent will 
choose rationally all stages in the future, and would have chosen rationally 
at all foregone situations. Hence, in condition (5) an observed surprising 
move by an opponent should not be a reason for dropping the belief in this 
opponent’s rationality at future and foregone situations. 

Condition (3) is a weakening of (5), since it no longer requires that a 
player, after observing a surprising move by an opponent, believes that this 
opponent would have chosen rationally at foregone situations. However, the 
player is still assumed to believe that the opponent will, and would, choose 
rationally at all future situations, no matter whether he deems these future 
situations possible or not. 

Condition (4), in turn, is a weakening of (3). In condition (4) a player, 
after observing a surprising move by an opponent, need not believe that 
this opponent would choose rationally at future situations which he does 
not deem possible. He is only required to believe that the opponent will 
choose rationally at future situations which he indeed believes could take 
place. 
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Condition (2) is a weakening of (3) but not of (4). In condition (2), a 
player believes, before anything has happened, that every opponent will, 
and would, choose rationally at all future situations, no matter whether he 
deems these situations possible or not. However, once the game is under 
way, the player is allowed to completely drop his belief in the opponents’ 
rationality. Note than in condition (4), a player may initially believe that 
an opponent would not choose rationally at a certain information set if he 
initially believes that this information set will not be reached. Therefore, 
condition (2) is not a weakening of (4). Also, condition (4) is not a weaken- 
ing of (2), so there is no logical implication betweens conditions (2) and (4). 

In light of the definitions we have seen so far, we may thus construct 
phrases as “type t; respects common belief in the event that all types ini- 
tially believe in rationality at all information sets”. Some of the epistemic 
foundations for backward induction, however, use a condition that cannot 
be expressed in this form, since it relies on a notion that is different from 
common belief. In order to formalize this condition, we consider the follow- 
ing recursive procedure: 


FBSR; (hi) = {t; € T; | t; believes at h; that every j 4 i chooses 
rationally at all h; that follow h;} 


for all i € J and all h; € AF, and 


and all hj that follow h;} 


for alli € I, h; € Hy and k > 1. 


Definition 2.6 (Forward belief in substantive rationality). A type t; is said 
to respect forward belief in substantive rationality if ti € FBSR*(h;) for all 
k and all h; € HŽ. 


That is, t; respects forward belief in substantive rationality if t; (1) 
always believes that every opponent is rational at every future information 
set, (2) always believes that every opponent, at every future information 
set, believes that every opponent is rational at every future information 
set, (3) always believes that every opponent, at every future information 
set, believes that every opponent, at every future information set, believes 
that every opponent is rational at every future information set, and so on. 

The first condition above, namely that t; always believes that every 
opponent is rational at every future information set, corresponds exactly 
to condition (3) of Definition 2.5. However, forward belief in substantive 
rationality is logically weaker than common belief in condition (3) of Def- 
inition 2.5. Consider, namely, a player 7 information set h; and a player j 
information set h; that precedes h;. Then, common belief in condition (3) 


CF 
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requires that player 7 believes at h; that player j believes at hj that player 
i chooses rationally at h;, since h; follows hj. On the other hand, forward 
belief in substantive rationality does not require this, as it only restricts the 
belief that player i has at h; about the beliefs that opponents have at infor- 
mation sets following hi, but not preceding h;. At the same time, it can be 
verified that forward belief in substantive rationality implies common initial 
belief in condition (3). 

We also present a weaker version of forward belief in rationality, which 
we call forward belief in material rationality. Let H;(t;, hi) be the set of 
those player j information sets h; following h; which t; believes to be reached 
from h;. Consider the following recursive procedure: 


FBMR; (h;) = {t; € T; | t; believes at h; that every j 4 i chooses 
rationally at all hj in H;(t,, hi)} 


for alli € J and all h; € HF, and 


FBMR}*"(h;) = {ti € T; | Bij(ti, hi|Tj) © FBMRÈ(h;) for all j A 
i and all hj in Hj; (ti, hi)} 


for all ¿ € I, h; € HF and k > 1. 


Definition 2.7 (Forward belief in material rationality). A type t; is said 
to respect forward belief in material rationality if ti € FBMR*(h;) for all k 
and all h; € H;. 


The crucial difference with forward belief in substantive rationality is 
thus that a type is only required to believe his opponents to choose rationally 
at future information sets which he believes to be reached. And a type is only 
required to believe that the opponents’ types believe so at future information 
sets which he believes to be reached, and so on. 

The condition in the first step of the recursive procedure, namely that t; 
believes at h; that every opponent j chooses rationally at all h; in H; (ti, hi), 
corresponds exactly to condition (4) of Definition 2.5. However, by the same 
argument as above for forward belief in substantive rationality, it can be 
verified that forward belief in material rationality is logically weaker than 
common belief in condition (4) of Definition 2.5. On the other hand, forward 
belief in material rationality implies common initial belief in condition (4). 


3 Epistemic foundations for backward induction 


In this section we provide an overview of various epistemic foundations that 
have been offered in the literature for backward induction. A comparison 
between these foundations is difficult, since the models used by these foun- 
dations differ on many aspects. 
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A first important difference lies in the way the players’ beliefs about the 
opponents are expressed. Some models express the players’ beliefs directly 
by means of logical propositions in some formal language. Other models 
represent the players’ beliefs indirectly by a set of states of the world, and 
assign to each state and every player some strategy choice for this player, 
together with a belief that the player holds at this state about the state 
of the world. From this model we can derive the higher-order beliefs that 
players hold about the opponents’ choices and beliefs. There are yet some 
other models that represent the players’ beliefs indirectly by means of types, 
and assign to every type some belief about the other players’ choices and 
types. Similarly to the previous approach, the players’ higher-order beliefs 
can be derived from this model. We refer to these three approaches as the 
syntactic model, the state-based semantic model and the type-based syntactic 
model. Note that our base model from the previous section belongs to the 
last category. This choice is somewhat arbitrary, since we could as well have 
chosen a syntactic or state-based semantic base model. 

Even within the state-based semantic model, the various papers differ 
on the precise formalization of the beliefs that players have about the state 
of the world. Similarly, within the type-based model different papers use 
different belief operators expressing the players’ beliefs about the opponents’ 
choices and types. 

Finally, some models impose additional conditions on the extensive form 
structure, such as one information set per player, or the presence of only 
two players, whereas other papers do not. 

In spite of these differences, all foundations have two aspects in common. 
First, all models provide a theorem, say Theorem A, which gives a sufficient 
condition for backward induction. Hence, Theorem A states that if player 
ts belief revision procedure about the other players’ choices, preferences 
and beliefs satisfies some condition BR, then his unique optimal choice is 
his backward induction choice. Secondly, all models guarantee that this 
sufficient condition BR is possible. That is, each paper provides a second 
result, say Theorem B, which states that for every player i there is some 
model in which player i’s belief revision procedure satisfies condition BR. 
As we shall see, the various foundations differ in the sufficient condition BR 
that is being employed. 

In order to explicitly compare the different foundations for backward 
induction, we attempt to express the various conditions BR used by the 
different models in terms of our base model. By doing so, we express the 
Theorems A and B used by the various foundations in the following stan- 
dardized form: 


Theorem A. Let S be an extensive form structure with perfect informa- 
tion, and let M = (T;, Pj, Bj)jer be an epistemic base model for S. Let 
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(P;)jer be a profile of strict preference relations over the terminal nodes. 
If type t; € T; has preference relation P,, and if t;’s conditional belief vec- 
tor about the opponents’ strategy choices and types satisfies condition BR, 
then there is a unique strategy that is rational for t; at all information sets, 
namely his backward induction strategy in the game given by (Pj) jer. 


Theorem B. Let S be an extensive form structure with perfect informa- 
tion, and let z be a player. Then, there is some epistemic base model 
M = (T;, Pj, Bj)jer for S and some type t; € T; such that t,’s conditional 
belief vector satisfies BR. 


In the overview that follows, we provide a brief description of every 
model, identify the condition BR that is being used, and explain how this 
condition may be expressed in terms of our base model. The models are 
put in alphabetical order. 


3.1 Asheim’s model 


Asheim uses a type-based semantic model, restricted to the case of two play- 
ers, in which the players’ beliefs are modelled by lexicographic probability 
distributions [As02]. Formally, an Asheim model is given by a tuple 


M = (Ti, vi, Ài Jier 


where T; is a finite set of types, v; is a function that assigns to every t; some 
von Neumann-Morgenstern utility function v;(t;) over the set of terminal 
nodes, and A; is a function that assigns to every type t; some lexicographic 
probability system A;(t;) on S; x T; with full support on S}. Such a lexico- 


graphic probability system 2,(t;) is given by a vector (A}(t;),..., MGC) t) 


a 


of probability distributions on Sj x Tj. The interpretation is that 
ADE 0255 MEE t) represent different degrees of beliefs, and that the kth 


degree belief AF (ti) is infinitely more important than the (k + 1)st degree 
belief \**1(¢;), without completely discarding the latter. The lexicographic 
probability system 2;(¢;) induces in a natural way first-order conditional 
beliefs about player j’s choices, as defined in our base model. Namely, for 
every h; € Hž, let ki(ti, hi) be the first k such that \¥(t;) assigns positive 
probability to some strategy sj € S;(h;), and let Buy (ta, hi) C S4(h;) be the 
set of strategies in 5;(h;) to which AE eha) (t) assigns positive probabil- 
ity. Then, t; induces the conditional belief vector (Bi; (ti, hi) )hiens about 
player j’s strategy choice. For every hj, let Ti; (t;,hi) C Tj be the set of 
types to which AE eha) ce assigns positive probability. Then, the induced 
second-order belief of t; at h; about player j’s belief at hj about player 


ts choice is given by the union of the sets B;ilt;, hj) with t; € Tis (ti, hi). 
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Similarly, higher-order beliefs about strategy choices can be derived from 
Asheim’s model. 

In Asheim’s model, a strategy s; is called rational for type t; € T; at 
information set h; if s; is optimal with respect to the utility function v;(t;) 
and the lexicographic probability system A,;(t;|h;), where A;(t;|h;) denotes 
the conditional of the lexicographic probability system A;(t;) on Sj (hi) x Tj. 
In particular, if s; is rational for t; at h; then s; is rational with respect 
to the preference relation Ê, and the set-valued belief Bi (ti, hi), as defined 
above, where Ê, is the preference relation on terminal nodes induced by 
vilti). 

Asheim’s sufficient condition for backward induction is based on the 
notion of admissible subgame consistency. A type t; in an Asheim model 
is said to be admissible subgame consistent with respect to a given profile 
(õj)jer of utility functions if (1) u;(t;) = 0;, and (2) for every h; € Hž, 
the probability distribution eee) (t;) only assigns positive probability to 
strategy-type pairs (s;,t;) such that sj is rational for tj at all hj € H; 
that follow h;. In terms of our base model, this condition can be expressed 
as: (1’) P,(t;) = P;, and (2’) t; always believes in rationality at all future 
information sets. In fact, condition (2’) is weaker than condition (2) since 
the notion of rationality in (2’) is weaker than the notion of rationality in 
(2), but condition (2’) would have sufficed to prove Asheim’s theorem on 
backward induction. 

In Proposition 7, Asheim shows that if a type t; respects common certain 
belief in the event that types are admissible subgame consistent with respect 
to (0;);er, then t; has a unique strategy that is rational at all information 
sets, namely his backward induction strategy with respect to (0;)j;er. Here, 
“certain belief in an event E” means that type t;, in each of his probability 
distributions A*(t;), only assigns positive probability to types in F. In terms 
of our base model, this means that the type believes the event E at each of 
his information sets. In Proposition 8, Asheim shows that common certain 
belief in admissible subgame consistency is possible. Expressed in terms of 
our base model, Asheim’s sufficient condition for backward induction may 
thus be written as follows: 

Asheim’s condition BR: Type t; respects common belief in the events 
that (1) types hold preference relations as specified by (P;);c7, and (2) types 
always believe in rationality at all future information sets. 


3.2 Asheim & Perea’s model 


In [AsPe205], Asheim and Perea propose a type-based semantic model that 
is very similar to the model from Section 3.1. Attention is restricted to 
two-player games, and an Asheim-Perea model corresponds to a tuple 


M = (T;, vi, Ai, liJicr, 
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where T;, vi and A; are as in Asheim’s model, and 4; is a function that 
to every type t; and event Æ C S; x Tj assigns some number 4;(t;, E) € 
{1,..., Ki(t:)}. (Recall that K;(t;) denotes the number of probability dis- 
tributions in \;(t;)). The interpretation of 4; is that 4;(t;, E) specifies the 
number of probability distributions in ;(t;) that are to be used in order to 
derive the conditional lexicographic probability system of A;(t;) on E. For 
instance, if player 7 observes that his information set h; has been reached, 
this would correspond to the event E = S;(h;) x T;. In this case, player 
i would use the first 4;(t;, E) probability distributions in \,(t;) in order to 
form his conditional belief about j upon observing that h; has been reached. 
Two extreme cases are (;(t;, E) = kilti, hi), where player 7 would only use 
the first probability distribution in \;(t;) that assigns positive probability 
to some player j strategy in S;(h;), and ¢;(t;, E) = K;(ti), where player i 
would use the full lexicographic probability system A;(t;) to form his con- 
ditional belief upon observing that h; is reached. Recall that k;(ti, hi) is 
the first k such that A*(t;) assigns positive probability to some strategy 
Sj E Si (hi). 

The sufficient condition for backward induction is based on the event 
that types induce for every opponent’s type a sequentially rational behavior 
strategy. Consider a type ti, and let T: be the set of types to which the 
lexicographic probability system A;(t;) assigns positive probability (in some 
of its probability distributions). Asheim and Perea assume that for every 
ty € T and every s; € Sj, the lexicographic probability system A;(t;) 
assigns positive probability to (s;,t;). For every information set h; € Hj 
and action a € A(h;), let S;(hj,a) be the set of strategies in S;(h;) that 
select action a at hj. Define for every type t; € Tj’, h; € H; and a € A(h;) 


stilt (h-\(q) = ESAs a) x {ty}) 
FN) = EEN A 


where k is the first number such that A¥ (t:i) (S; (hj) x {t;}) > 0. The vector 


otitis — (atl (hy)(a))n,eH;,a€A(hy) 


is called the behavior strategy induced by ti for tj. My interpretation of 
tlt (h (a) is that it describes tis conditional belief about t;’s action 
j J J 

choices at future and parallel information sets. Let me explain. Consider an 


information set h; for player i and an information set h; for player 7 which 


either follows h; or is parallel to h;. Then, my interpretation of ane (h;)(a) 
is that type t; believes at h; that type tj at information hj chooses action 
a with probability gee (h;)(a). Namely, the information that the game has 
reached h; does not give type t; additional information about the action 
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choice of tj at hj, and hence en (h;) provides an intuitive candidate for 
the conditional belief of t; at h; about t;’s behavior at hj. 

However, if hj precedes h;, then ae (h;)(a) does not necessarily de- 
scribe t,’s belief at h; about t;’s action choice at hj. In this case, there is 
namely a unique action a* at h; that leads to h;, whereas ca (h;)(a*) may 
be less than one (in fact, may be zero). On the other hand, it should be 
clear that t; should believe (with probability 1) at h; that t; has chosen a* 
at hj, since it is the only action at hj that leads to h;. Hence, in this case 
ge (h;)(a) cannot describe t;’s belief at h; about t;’s choice at hj. 

For every information set hj € H}, let gue |n; be the behavioral strat- 
egy that assigns probability one to all player j actions preceding hj, and 

tilt, tilt; 


coincides with o; ° otherwise. The induced behavior strategy o,''” is said 


to be sequentially rational for t; if at every information set h; € H}, the 
behavior strategy a |n; only assigns positive probability to strategies in 
S;(h;) that are rational for t; at hj (in the sense of Asheim’s model above). 
Type t; is said to induce for every opponent’s type a sequentially rational 
behavior strategy if for every t; € Tj’ it is true that a’ is sequentially 


“i tilta 
rational for tj. As we have seen above, o; lts represents for every h; € HY 


type t;’s conditional belief at h; about player j’s behavior at future and par- 
allel information sets. The requirement that a always be sequentially 
rational for t; thus means that t; always believes in rationality at all future 
and parallel information sets. 

In Proposition 11, Asheim and Perea show that if a type t; respects 
common certain belief in the events that (1) types have utility functions 
as specified by (0;);er, and (2) types induce for every opponent’s type a 
sequentially rational behavior strategy, then t; has a unique strategy that is 
rational at all information sets, namely his backward induction strategy with 
respect to (@;)j;¢r. The existence of such types follows from their Proposition 
4 and the existence of a sequential equilibrium. In terms of our base model, 
Asheim and Perea’s sufficient condition may thus be stated as follows: 


Asheim & Perea’s condition BR: Type t; respects common belief in the 
events that (1) types hold preference relations as specified by (P;)icer, and 
(2) types always believe in rationality at all future and parallel information 
sets. 


3.3 Aumann’s model 


Aumann proposes a state-based semantic model for extensive form struc- 
tures with perfect information [Au95]. An Aumann model is a tuple 


M = (Q, (Bi, fi, vi)ier) 
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where Q represents the set of states of the world, B; is a function that assigns 
to every state w € Q some subset B;(w) of states, f; is a function that assigns 
to every state w some strategy fi(w) € Si, and v; is a function that assigns 
to every w some von Neumann-Morgenstern utility function v;(w) on the set 
of terminal nodes. The functions B; must have the property that w € B;(w) 
for all w, and for all w,w’ € Q it must hold that B;(w) and B;(w’) are either 
identical, or have an empty intersection. Hence, the set {B;(w)|w E€ Q} isa 
partition of Q. The interpretation is that at state w, player i believes that 
the true state is in B;(w). (In fact, Aumann uses the term “knows” rather 
than “believes”). The functions f; and v; must be measurable with respect 
to Bi, meaning that f;(w’) = fi(w) whenever w’ € B;(w), and similarly for 
vi. The reason is that player i cannot distinguish between states w and w’, 
and hence his choice and preferences must be the same at both states. 

It is problematic, however, to formally translate this model into condi- 
tional beliefs of our base model. Consider, for instance, a game with three 
players, in which players 1, 2 and 3 sequentially choose between Stay and 
Leave, and where Leave terminates the game. Consider a state w where 
fi(w) = Leave and Bo(w) = {w}. Then, at player 2’s information set, player 
2 must conclude that the state cannot be w, but must be some state w’ 
with f:(w’) = Stay. However, there may be many such states w’, and hence 
it is not clear how player 2 should revise his belief about the state at his 
information set. Since his revised belief about the state will determine his 
revised belief about player 3’s choice, it is not clear how to explicitly define 
player 2’s revised belief about player 3’s choice from Aumann’s model. 

At the same time, Aumann’s Theorem A provides sufficient conditions 
for backward induction, and hence Aumann’s model must at least implicitly 
impose some restrictions on the players’ belief revision procedures, since 
otherwise backward induction could not be established. The main task in 
this subsection will be to identify these implicit assumptions about the belief 
revision procedures, and incorporate these as explicit restrictions in our base 
model. Since such an identification is a rather subjective procedure, this 
approach will eventually lead to a model which is a subjective interpretation 
of Aumann’s model. 

The model as proposed by Aumann is essentially a static model, since for 
every state w and every player i, his belief B;(w) is only defined at a single 
moment in time. My interpretation of these static beliefs is that players, 
upon observing that one of their information sets has been reached, do not 
revise more than “strictly necessary”. In fact, the only beliefs that must be 
revised by player 7 when finding out that his information set h; has been 
reached are, possibly, his beliefs about the opponents’ choices at information 
sets preceding h;. That is, if player 2 in the example above finds out that 
player 1 has chosen Stay, then this should not be a reason to change his 
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belief about player 3’s choice. Even stronger, we interpret Aumann’s static 
beliefs in this game as beliefs in which player 2 only changes his belief about 
player 1’s choice, while maintaining all his other beliefs, including his beliefs 
about the opponents’ beliefs. Hence, if we interpret Aumann’s model in this 
way, and express it accordingly in terms of our base model, then every type 
is supposed to never revise his belief about the opponents’ choices and the 
opponents’ beliefs at future and parallel information sets. A type t;, when 
arriving at some information set h;, may only revise his belief about the 
opponents’ choices at information sets that precede h; (but not about their 
types). For further reference, we call this condition the “no substantial 
belief revision condition”. 

The sufficient condition for backward induction presented by Aumann 
is common knowledge of rationality. Let w be a state, i a player and h; an 
information set controlled by i. At state w, player i is said to be rational at 
information set h; if there is no s; € S; such that for every w € B(w) it 
holds that 


viw) (elsi (fj) )jailha)) > vi(w) (2 File), fiw Dzi), 


where z(s;,(f;(w’));4i|hi) is the terminal node that is reached if the game 
would start at h;, and the players would choose in accordance with 
(si, (f;(w’));4:). In terms of our base model, this means that strategy fi(w) 
is rational for player i at h; with respect to the utility function v;(w) and 
his first-order belief {(f;(w’));4: |w" € Bi(w)} about the opponents’ choices 
after h;. Let Q"? be the set of states w such that at w all players are rational 
at each of their information sets. 

Common knowledge of rationality can now be defined by the following 
recursive procedure: 


CKRE = rt; 
CKR#*t1 = fw EQ | Bi(w) € CKR* for all players i} 


for k > 1. Then, common knowledge of rationality is said to hold at w if 
w € CKR* for all k. In Theorem A, Aumann proves that for every profile 
(0;)jer of utility functions, for every state w at which common knowledge 
of (õj)jer and common knowledge of rationality hold, and for every player 
i, the strategy f;(w) is the backward induction strategy for player i with 
respect to (0;)j;ez. In Theorem B, Aumann proves that there is an Aumann 
model and a state w at which common knowledge of (0;);¢7 and common 
knowledge of rationality hold. 

In terms of our base model, common knowledge of rationality implies 
common initial belief in rationality at all information sets. By the latter we 
mean that a type (1) initially believes that all players choose rationally at 
all information sets, (2) initially believes that every type initially believes 
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that all players choose rationally at all information sets, and so on. To- 
gether with the “no substantial belief revision condition” above, this would 
imply that a type always believes that types initially believe that all play- 
ers choose rationally at all information sets, and that a type always believes 
that types always believe that types initially believe that players choose ra- 
tionally at all information sets, and so on. Hence, a possible interpretation 
of Aumann’s condition of common knowledge of rationality, together with 
the “no substantial belief revision condition”, in our base model would be: 
common belief in the event that players initially believe in rationality at all 
information sets. Similarly, common knowledge of (õ;)jez, together with the 
“no substantial belief revision condition”, could be interpreted as common 
belief in the event that types have preferences according to (P;) jer, where 
P; is the preference relation that corresponds to õ;. That is, Aumann’s suf- 
ficient conditions for backward induction could be interpreted as follows in 
terms of our base model: 


Aumann’s condition BR: Type t; respects common belief in the events 
that (1) types hold preferences as specified by (P;)jer, (2) types initially 
believe in rationality at all information sets, and (3) types never revise 
their beliefs about the opponents’ choices and beliefs at future and parallel 
information sets. 


In [Clp03], Clausing basically provides a reformulation of Aumann’s 
model and definitions in a syntactic framework. Clausing’s sufficient condi- 
tion for backward induction is a little weaker than Aumann’s, since Clausing 
only requires “true (k — 1)st level belief’ in rationality at all information 
sets, where k is the maximal length of a path in the game tree, which is 
weaker than common knowledge of rationality as defined by Aumann. Que- 
sada proves, in [Qu03, Propositions 3.3 & 3.4] that Aumann’s backward 
induction theorem can also be shown without imposing that w € B;(w) for 
all w, and without imposing that for all w,w’ € Q it must hold that B;(w) 
and B;(w’) are either identical, or have an empty intersection. That is, 
Quesada no longer assumes a partition structure, nor does he require that 
what one believes must be true. The only substantial conditions that [Qu03] 
imposes on the belief operator is that f;(w’) = f;(w) whenever w’ € B;(w), 
and similarly for v;. Hence, a player must be aware of his choice and his 
utility function. 

However, since the models by Clausing and Quesada [Cl 903, Qu03] are 
identical in spirit to Aumann’s, we omit a formal discussion of these models 
in this overview. 


3.4 Balkenborg & Winter’s model 


In [Bas Wi297], Balkenborg and Winter present a state-based semantic model 
that is almost identical to Aumann’s model, so we do not repeat it here. 
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The only difference is that Balkenborg and Winter restrict attention to ex- 
tensive form structures in which every player controls only one information 
set. However, the sufficient conditions given for backward induction are dif- 
ferent from Aumann’s conditions, as they are based on the notion of forward 
knowledge of rationality rather than common knowledge of rationality. 

For every player i, let h; be the unique information set controlled by 
player i. The definition of player i being rational at h; is the same as in 
Aumann’s model. Let Q'** be the set of states w such that at w, player i is 
rational at h;. We say that player j comes after player i if hj comes after 
hi. Forward knowledge of rationality can now be defined by the following 
recursive procedure. For every player 7 define: 


FKR; = (19% 
PKR = {wE| Bw) Cc FKR% for all j that come after i}, 


for every k > 1. Then, forward knowledge of rationality is said to hold at 
state w if w € FKRË for all ¿ and all k. That is, player i believes that every 
player after him will choose rationally, believes that every player after him 
believes that every player after him will choose rationally, and so on. So, 
it corresponds to our notion of forward belief in substantive rationality in 
Definition 2.6. 

In Theorem 2.1, Balkenborg and Winter prove that for every profile 
(õj)jer of utility functions, for every state w at which common knowledge 
of (@;)j;e7 and forward knowledge of rationality hold, and for every player i, 
the strategy f;(w) is the backward induction strategy for player i with re- 
spect to (ŭ;)jer. Balkenborg and Winter’s sufficient condition for backward 
induction may thus be phrased as follows in terms of our base model: 


Balkenborg & Winter’s condition BR: Type t; (1) respects common 
belief in the event that types hold preferences as specified by (P;) jer, (2) 
respects forward belief in substantive rationality, and (3) respects common 
belief in the event that types never revise their beliefs about the opponents’ 
choices and beliefs at future and parallel information sets. 

Quesada proves in [Qu03, Proposition 3.1] that Balkenborg and Winter’s 
sufficient condition for backward induction would still be sufficient if one 
weakens the conditions on the knowledge operators as explained at the end 
of the previous subsection. 


3.5 Clausing’s model 


Clausing presents a syntactic model for games with perfect information 
[Clo04]. For our purposes here it is not necessary to discuss the com- 
plete formalism of Clausing’s model, and therefore we restrict ourselves to 
presenting only the key ingredients. A major technical difference between 
our description here and Clausing’s original model is that we shall employ 
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“statements” instead of logical propositions. The reader is referred to the 
original paper for the syntactic formalism employed by Clausing. For our 
restricted purposes here, a Clausing model may be described as a tuple 


M = (L, (Bi, vi)ier) 


where L is a language, or set of statements, Ê; is a function that assigns 
to every statement f € L some subset B;(f) C L of statements, and v; is a 
utility function for player i on the set of terminal nodes. By “g € B;(f)” we 
mean the statement that “player i believes statement g upon learning that 
f holds”. It is assumed that L contains all statements of the form “player 
i chooses strategy s;”, and that it is closed under the operations — (not), A 
(and) and B;. By the latter, we mean that if f and g are statements in L, 
then so are the statements “af”, “f A g” and “g € (fY. 

Clausing’s sufficient condition for backward induction is forward belief 
from the root to all information sets h in rationality at h. We say that 
strategy s; is rational for player 7 at information set h; if there is no other 
strategy s; € 9;(h;) such that player 7 would believe, upon learning that 
hi has been reached, that s; would lead to a higher utility than s;. For- 
mally, there should be no s; € S;(h;) and no statement f € L about the 
opponents’ strategy choices such that (1) player i believes f upon learning 
that all opponents j have chosen a strategy in S;(h;), and (2) for every 
opponents’ strategy profile s_; compatible with f it would be true that 
vilz(s;,s—ilhi)) > vilz(si, 8_i|hi)). Player i is said to believe at h; that 
player j is rational at h; if, upon learning that h; has been reached, player 
i believes the statement “player 7 chooses a strategy that is rational for j 
at hj”. Forward belief from the root to all information sets h in rationality 
at h can now be defined by the following sequence of statements: 


FB;(h;) = “player i believes, upon learning that h; has been 
reached, that every opponent 7 will be rational at all 
hj that follow h;” 


for all players 2 and all h; € H;, and 


FB‘*1(h;) = “player i believes, upon learning that h; has been 
reached, the statement FB (hj) for all opponents j 
and all hj that follow h,” 


for all players i, h; € H¥ and k > 1. Player i is said to respect forward belief 
from the root to all information sets h in rationality at h if for every hi, 
player i believes, upon learning that h; has been reached, the statements 
FB* (hj) for all k, all opponents j and all h; € H; that follow h;. In Propo- 
sition 2, Clausing shows that this condition implies backward induction, 
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whereas his Proposition 3 demonstrates that this condition is possible. In 
terms of our base model, Clausing’s condition clearly corresponds to forward 
belief in substantive rationality. 


Clausing’s condition BR: Type t; (1) respects common belief in the 


event that types hold preferences as specified by (P;)jer, and (2) respects 
forward belief in substantive rationality. 


3.6 Feinberg’s model 


Feinberg provides a syntactic model for dynamic games which is similar to 
Clausing’s model [Fe05]. Since a full treatment of Feinberg’s model would 
take us too far afield, we present a highly condensed version of his model 
here, which will serve for our restricted purposes. As with the discussion of 
Clausing’s model, we refer to the original paper for the syntactic formalism. 
For our purposes here, a Feinberg model may be described as a tuple 


M = (L, (Ci, vi)ier) 


where L is a language, or set of statements, C; is a function that selects for 
every information set h; € Hj a set C;(h;) C L of statements, and v; is a 
utility function for player 2 on the set of terminal nodes. The interpretation 
of f € Ci(h;) is that player i is confident of statement f at information set 
hi. The language L must contain all statements of the form “player i chooses 
strategy s;”, and must be closed under the application of the operators — 
(not), A (and) and C;(h;). By the latter we mean that, if f is a statement 
in L, then the statement “f € C;(h;)” must also be in L. 

Feinberg characterizes the confidence operator by means of a list of ax- 
ioms, which largely coincides with the list of classic axioms for a knowledge 
operator. The single, but crucial, difference is that a player may be confi- 
dent of a statement that is objectively wrong, whereas this is not possible 
in the case of a knowledge operator. However, in Feinberg’s model a player 
must always be confident that he is right, that is, a player must be confident 
that all statements he is confident of are true. 

Feinberg presents two different sufficient conditions for backward in- 
duction, namely common confidence of hypothetical rationality and iterated 
future confidence of rationality. Strategy s; is said to be rational for player 
i at h; if there is no other strategy s; € S;(h;) such that player i would be 
confident at h; that s; would lead to a higher utility than s;. By the latter, 
we mean that there should be no s; € S;(h;), and no statement f about the 
opponents’ strategy choices, such that (1) i is confident of f at h;, and (2) 
for every opponents’ strategy profile s_; compatible with f it would hold 
that v;(z(s/, s_i)|Ri) > vilz(si, s—i)|hi). We say that i is confident at h; 
that j is rational at h; if the statement “player j chooses a strategy that is 
rational for j at hj” belongs to C;(h;). Common confidence in hypotheti- 
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cal rationality can now be defined recursively by the following sequence of 
statements: 


CCHR! = “every player i is confident at every h; that every oppo- 
nent j will be rational at every hj not preceding h,” 


and, for every k > 1, 


CCHR**1 = “every player i is confident at every h; of CCHR*”. 


Player 7 is said to respect common confidence in hypothetical rationality if, 
for every h; and every k, player i is confident at h; of CCHR*. In Proposition 
10, Feinberg shows that this condition is possible, and implies backward 
induction. In terms of our base model, this condition corresponds exactly 
to our definition of common belief in the event that types always believe in 
rationality at all future and parallel information sets. 
Feinberg’s first condition BR: Type t; respects common belief in the 
events that (1) types hold preference relations as specified by (P;) jer, and 
(2) types always believe in rationality at all future and parallel information 
sets. 

Iterated future confidence of rationality can be defined by means of the 
following sequence of statements: 


IFCR;(h;) = “player i is confident at h; that all opponents j will 
be rational at all h; that follow h;” 


for alli € J and all h; € HŽ, and 


IFCR}**(h;) = “player i is confident at h; of IFCRË(h;) for all op- 
ponents j and all hj that follow h,” 


for alli € I, h; € H* and k > 1. Player i is said to respect iterated future 
confidence of rationality if, for every k, every h;, every opponent j, and every 
h; following h;, player i is confident at h; of IFCR} (hj). Feinberg shows in 
his Proposition 11 that this condition is possible and leads to backward 
induction. In terms of our base model, this condition corresponds to our 
definition of forward belief in substantive rationality. 


Feinberg’s second condition BR: Type t; (1) respects common belief 
in the event that types hold preferences as specified by (P;)jer, and (2) 
respects forward belief in substantive rationality. 


3.7 Perea’s model 


Perea proposes a type-based semantic model that is very similar to our 
base model [Pe205]. The difference is that in [Pe205], the players’ initial 
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and revised beliefs are assumed to be point-beliefs, that is, contain exactly 
one strategy-type pair for each opponent. Moreover, in [Pe205] the model 
is assumed to be complete which will be defined below. An important 
difference between Perea’s model and the other models discussed here is 
that Perea’s model explicitly allows for the possibility that players revise 
their belief about the opponents’ preference relations over terminal nodes 
as the game proceeds. A Perea model is a tuple 


M = (Ti, P;, Biier 


where T; is player ts set of types, P; assigns to every type t; € T; a 
strict preference relation P;(t;) over the terminal nodes, Ê; assigns to ev- 
ery type t; € T; and every information set h; € H¥ a belief Bi(ti, hi) C 
I] j4:(S;(2i) x Tj) consisting of exactly one point, and the model M is 
complete. The assumption that the belief B; (ti, hi) consists of exactly one 
point means that t;, at every information set h;, is supposed to consider 
only one strategy-type pair (s;,t;) possible for every opponent j. However, 
this point-belief may change as the game proceeds. By a complete model, 
we mean that for every player i, every strict preference relation Ê; and ev- 
ery belief vector B; = (B;(hi))n:e H; consisting of conditional point-beliefs 
Bi (ha) as described above, there is some type t; € T; with P,(t;) = Ê, and 
B; (ti, hi) = Bi (hi) for all h;. Since types may revise their belief about the 
opponents’ types, and different types may have different preference relations 
over terminal nodes, Perea’s model allows types to revise their belief about 
the opponents’ preference relations over terminal nodes. 

Perea’s sufficient condition for backward induction is common belief in 
the events that (1) players initially believe in (P;)ie7, (2) players initially 
believe in rationality at all information sets, and (3) the players’ belief 
revision procedures satisfy some form of minimal belief revision. The crucial 
difference with the other models discussed here is that condition (1) allows 
players to revise their belief about the opponents’ preference relations as the 
game proceeds. On the other hand, the conditions (2) and (3) as they have 
been defined in [Pe205] can be shown to imply that players should always 
believe that every opponent chooses rationally at all information sets; a 
condition that cannot be realized in general if players do not revise their 
beliefs about the opponents’ preference relations. 

A type t; is said to initially believe in (P;) jer if for every opponent J, 
the initial belief Ê;(t;, ho) about player j consists of a strategy-type pair 
(s;,t;) where P;(t;) = P;. In order to formalize condition (3), we need the 
definition of an elementary statement. A first-order elementary statement 
about player į is a statement of the form “player i has a certain preference 
relation” or “player i believes at h; that opponent 7 chooses a certain strat- 
egy”. Recursively, one can define, for every k > 2, a kth order elementary 
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statement about player 7 as a statement of the form “player i believes at h; 
that y” where y is a (k — 1)st order elementary statement. An elementary 
statement about player 7 is then an elementary statement about player i 
of some order k. Now, let h; € H;\ho, and let h; be the information set 
in H* that precedes h; and for which no other player i information set is 
between h; and h;. For every opponent j, let (sj, t/,) be the strategy-type 
pair in Ê; (ti, hi), and let (s;,t;) be the strategy-type pair in Bi(ti, hi). Type 
t; is said to satisfy minimal belief revision at h; if for every opponent j the 
strategy-type pair (s;,t;) is such that (1) sj is rational for t; at all infor- 
mation sets, (2) there is no other strategy-type pair (s/f, t4) in Sj(hi) x Tj 
satisfying (1) such that t} and t} disagree on fewer elementary statements 
about player j than tj and t} do, and (3) there is no other strategy-type pair 
(si, t7) in Sj(hi) x Tj satisfying (1) and (2) such P;(t}) and P;(t}) disagree 
on fewer pairwise rankings of terminal nodes than P;(t;) and P;(t}) do. It 
can be shown that this notion of minimal belief revision, together with the 
condition that players initially believe in rationality at all information sets, 
imply that a type always believes that his opponents choose rationally at 
all information sets. For the definition of minimal belief revision it is very 
important that the model M is assumed to complete. [Pe205, Theorem 5.1] 
shows that there is a Perea model which satisfies the sufficient condition 
listed above. Theorem 5.2 in that paper demonstrates that this sufficient 
condition leads to backward induction. As such, Perea’s sufficient condition 
for backward induction can be stated as follows in terms of our base model: 


Perea’s condition BR: Type t; respects common belief in the events that 
(1) types hold point-beliefs, (2) types initially believe in (P;)jer, (3) types 
always believe in rationality at all information sets, and (4) types satisfy 


minimal belief revision. 


3.8 Quesada’s model 


Quesada presents a model for games with perfect information which is nei- 
ther semantic nor syntactic [Qu02]. The key ingredient is to model the 
players’ uncertainty by means of Bonanno belief systems [Boo92]. A Bon- 
nano belief system is a profile 8 = (3;)ier, where 8; is a belief vector that 
assigns to every information set h (not necessarily controlled by player i) 
some terminal node 3;(h) which follows h. The interpretation is that player 
i, upon learning that the game has reached information set h, believes that 
he and his opponents will act in such a way that terminal node 6;(h) will 
be reached. A Quesada model is a pair 


M= (B, (vi)ier) 


where B is a set of Bonnano-belief systems, and v; is a utility function for 
player i over the terminal nodes. Quesada’s sufficient condition for backward 


Epistemic Foundations for Backward Induction 183 


induction states that every belief system in B should be rational, and that 
every belief system in B should be justifiable by other belief systems in B. 
Formally, a belief system 6 = (3;)ie7 is said to be rational if for every player 
i and every information set h; € H; it holds that v;(G;(hi)) > vi(Bi((hi, @))) 
for every action a € A(h,), where (h;,a) denotes the information set that 
immediately follows action a at h;. We say that belief system 8 = (Gi )ier 
in B is justifiable by other belief systems in 6 if for every player i, every 
hi € H;, every opponent j, and every hj € Hj between h; and the terminal 
node (3;(h;) there is some belief system p’ = (3;)ie7 in B such that 6;(h;) = 
Gi(h;). A belief system 8 = (8;)ier is called the backward induction belief 
system if for every player i and every information set h, 3;(h) is the terminal 
node which is reached by applying the backward induction procedure (with 
respect to (v;)ier) from h onwards. In Proposition 1, Quesada shows that 
there is one, and only one, set B which satisfies the two conditions above, 
namely the set containing only the backward induction belief system. 

We shall now attempt to express these conditions in terms of our base 
model. Take a set B of belief systems such that every belief system in B is 
justifiable by other belief systems in 6 (and thus satisfies Quesada’s second 
condition above). Then, every belief system (3; in B induces, for every hi, 
a point-belief about the opponents’ strategy choices as follows: For every 
hi there is some opponents’ strategy profile s_;(@i,hi) € Jj; $j(hi) such 
that, for every action a € A(h;), the action a followed by s_;(;, hi) leads 
to the terminal node (;(h;, a). Hence, s_;((;,h;) may be interpreted as 8;’s 
conditional point-belief at h; about the opponents’ strategy choices. (Note 
that this belief need not be unique, as 8; does not restrict player it’s beliefs at 
hi about opponents’ choices at parallel information sets). The belief vector 
ĝi also induces, for every h;, a conditional point-belief about the opponents’ 
belief vectors b; in B. Consider, namely, an information set h; € H;, some 
opponent j and an information set hj between h; and the terminal node 
Bi(hi) such that there is no further player j information set between h; and 
hj. Since B satisfies Quesada’s justifiability condition, there is some player 
j belief vector 3;(G;, hi) in B such that 3;(3;,hi)(hj) = Bi (hi). (Again, this 
choice need not be unique). This belief vector 8;(8;, hi) may then serve as 
G;’s conditional point-belief at h; about player j’s belief vector. Summa- 
rizing, every belief vector 9; induces, at every h;, a conditional point-belief 
about the opponents’ strategy choices and the opponents’ belief vectors. 

Now, if we interpret every belief vector ĝ; in B as a type ¢;(G;) in our 
base model, then, by the insights above, every type t;(3;) induces, at every 
hi, a conditional point-belief about the opponents’ strategy choices and 
types t;(G;). Hence, similarly to Perea’s model, Quesada’s model can be 
expressed in terms of our base model by imposing common belief in the 
event that types hold point-beliefs. Let T;(B) denote the set of all such types 
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t;(G;) induced by some belief vector 3; in B. A combination of Quesada’s 
rationality condition and justifiability condition implies that, whenever 6; 
in B believes at h; that player j chooses action a at some hj between h; and 
Gi(hi) (with no player j information set between h; and hj), then there is 
some rational belief vector 3;(@;, hi) in B such that 3;(G;,hi)(h;) = Bi(hi). 
In particular, action a must be part of the rational belief vector 3;(G;, hi), 
and hence action a must be optimal with respect to 6;(6i:, hi). In terms 
of our base model, this means that, whenever type t;((;) believes at hi 
that information set hj will be reached in the future, and believes at h; 
that player j will choose action a at hj, then t;((;) must believe at h; that 
player j is of some type t;(6;) for which a is rational. In other words, every 
type t;(G;) in T;(B) always believes in rationality at future information sets 
that are believed to be reached. However, since t;(8;) believes at every 
information set that every opponent j is of some type t;(8;) in T;(B), it 
follows that every ¢;(G;) in T;(B) always believes in the event that all types 
believe in rationality at future information sets that are believed to be 
reached. By recursively applying this argument, one may conclude that 
every t;(G;) in T;(B) respects common belief in the event that types always 
believe in rationality at future information sets that are believed to be 
reached. Quesada’s sufficient condition can thus be formulated as follows 
in terms of our base model: 


Quesada’s condition BR: Type t; respects common belief in the events 
that (1) types hold preferences as specified by (P;) jer , (2) types hold point- 
beliefs, and (3) types always believe in rationality at future information sets 
that are believed to be reached. 


3.9 Samet’s model 


Samet presents a state-based semantic model which is an extension of the 
models by Aumann and Balkenborg & Winter [Sa296]. A Samet model is a 
tuple 

M = (Q, (Bi, fi, vi, TiJier), 


where Q, Bi, fi and v; are as in the Aumann model, and 7; is a so-called 
hypothesis transformation that assigns to every state w and non-empty event 
E C Q some new state w’. My interpretation of 7; is that if player i currently 
believes that the state is in B;(w), but later observes the event Æ, then he 
will believe that the state is in B;(w’) N E. Samet defines the hypothesis 
transformation in a different, but equivalent, way. In Samet’s terminology, 
a hypothesis transformation assigns to every initial belief B;(w) and event 
E some new belief B;(w’) for some w’ € Q. However, this definition is 
equivalent to the existence of a function 7; as described in our model. The 
function 7; must satisfy the following two conditions: (1) B;(7i(w, E)) NE 
is nonempty for every w and E, and (2) 7;(w, E) = w whenever B;(w) has a 
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nonempty intersection with Æ. These conditions indicate that B;(7;(w, E))N 
E may be interpreted as a well-defined conditional belief for player i at state 
w when observing the event E. 

As to the functions f;, mapping states to strategy choices, it is assumed 
that for every terminal node z there is some state w € Q such that the profile 
(fi(w))ier of stategies reaches z. This implies that for every information set 
hi, the event 

[hi] = {w E Q | (fi(w))ier reaches hi} 


is nonempty, and hence can be used as a conditioning event for the hypoth- 
esis transformation 7;. Samet assumes in his model a function € (instead 
of (fi)ier) mapping states to terminal nodes, and assumes that for every 
terminal node z there is some w € Q with €(w) = z. However, he shows that 
this function € induces, in some precise way, a profile (f;)ie, of strategy 
functions, as we use it. We work directly with the strategy functions here, 
in order to make the model as similar as possible to the Aumann model and 
the Balkenborg-Winter model. 

In contrast to Aumann’s model and Balkenborg and Winter’s model, 
every state w in Samet’s model formally induces a conditional belief vector in 
our base model. Namely, take some state w, a player 7, and some information 
set h; € H7. Then, 


Bi(w, hi) := Bi(ri(w, [h:])) A [hi] 


respresents player it’s conditional belief at h; about the state. Since every 
state w’ induces for player j a strategy choice f;(w’) and a conditional be- 
lief vector (B; (w’,hy))nje H;, first-order conditional beliefs about the oppo- 
nents’ strategies, and higher-order conditional beliefs about the opponents’ 
conditional beliefs can be derived at every state with the help of the hypoth- 
esis transformations 7;. Hence, Samet’s model can be expressed directly and 
formally in terms of our base model. 

Samet’s sufficient condition for backward induction is common hypoth- 
esis of node rationality. At state w, player i said to be rational at h; € H; 
if (1) w € [A,], and (2) there is no s; € S; such that for every w € B;(w)N[hi] 
it holds that 


vi(w)(2(8i, (Fyw jrih) > vi(w) (2a), (fe) )szilha)), 


where the definition of this expression is as in Aumann’s model. Let 
[rat;(h;)] denote the set of states w such that at w, player i is rational at hi. 
Common hypothesis of node rationality can now be defined by the following 
recursive procedure: For every player i and information set h; € H¥, let 
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Note that, by condition (1) above, CHNR(h;, hi) only contains states at 
which h; is indeed reached. Now, let k > 0, and suppose that CHNR(hj, h;) 
has been defined for all information sets h; € H;,h; € H 3 such that hj 
comes after h;, and there are at most k information sets between h; and 
hj. Suppose now that hj comes after h;, and that there are exactly k + 1 
information sets between h; and h;. Let h be the unique information set 
that immediately follows h; and precedes h;. Define 


Common hypothesis of node rationality is said to hold at state w if w € 
CHNR(ho, h) for all information sets h. Hence, the player at ho believes 
that (1) every opponent j will choose rationally at those information sets 
hj that immediately follow ho, (2) every such opponent j will believe at 
every such h; that every other player k will choose rationally at those hz 
that immediately follow h;, and so on. 

Samet shows in Theorem 5.3 that for every profile (v;)ie, of utility func- 
tions, for every state w at which common knowledge of (v;)ie7 and common 
hypothesis of node rationality hold, the strategy profile (f;(w))ier leads to 
the backward induction outcome with respect to (v;)ier. In particular, the 
player at ho chooses the backward induction action at ho with respect to 
(v;)ier. In Theorem 5.4, Samet shows that there always exists some state 
w at which common knowledge of (vi)icr and common hypothesis of node 
rationality hold. 

For a given state w and information set h; € H;, say that common 
hypothesis of node rationality at h; holds if w € CHNR(h;, h) for all infor- 
mation sets h that follow h;. Then, Samet’s Theorem 5.3 can be generalized 
as follows: For every h; € H; and every w at which common knowledge of 
(v;)ier and common hypothesis of node rationality at h; hold, the strategy 
fi(w) chooses at h; the backward induction action with respect to hi. 

In order to express this sufficient condition in terms of our base model, it 
is important to understand all implications of common hypothesis of node 
rationality. By definition, common hypothesis of node rationality at h; 
implies that player i believes at h; that (1) every opponent j will choose 
rationally at every information set h; that immediately follows h;, (2) every 
such opponent j will believe at every such hj that every other player k 
will choose rationally at every hy that immediately follows hj, and so on. 
However, there are more implications. 

Consider namely an information set hj € H; that immediately follows 
hi and some information set hy E€ Hpk which immediately follows h; such 
that Bi(7:(w, [h;])) C [he]. Hence, in terms of our base model, player i 
believes at h; that hy will be reached. Suppose that state w is such that 
common hypothesis of node rationality at h; holds at w. By (1) above, it 
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holds that (1’) By(7(w, [h;])) N [Ay] C [rat;(h;)]. By (2) above, it holds for 
every w! € Bi(rs(w,[hy])) O [hy] that (2) Bilio’, Pal) [Pa] E [rate Ca). 
However, since B,(7;(w, | hy) C [hk], it follows that w € [hx] for ev- 
ery w E€ Bilri(w,[h;])). Since w € Bj(w’), we have that B;(w’) has a 
nonempty intersection with [hę], and hence (by the assumptions on 7;) 
T;(w’, [ha]) = w for every w € B;(7;(w, [h;])). We may therefore conclude 
that B;(7;(w’, [he])) = B;(w’) for every w € Bilri(w, [h;])) A [h;]. By (2’) it 
thus follows that B;(w’) A [hx] C [rat,(hs)] for every w € Bi (7; (w, [h;])) A 
[hj]. Since w € B;(w’), and w’ € [hx] for every w’ € Bi (Ti (w, [h;])), it fol- 
lows in particular that w € [rat,(h,)] for every w’ € Bilri(w, [h;])) A [Ry], 
which means that player 7 believes at h; that player k chooses rationally at 
hg. Hence, we have shown that common hypothesis of node rationality at 
h;i implies that player i believes at h; that player k chooses rationally at hz 
whenever (1) there is only one information set between h; and hę, and (2) 
player i believes at h; that hy, will be reached. By induction, one can now 
show that common hypothesis of node rationality at h; implies that player i 
believes at h; that player k chooses rationally at hy whenever (1) hy follows 
hi and (2) player i believes at h; that hy, can be reached. 

By a similar argument, one can show that common hypothesis of node 
rationality at h; implies that player i believes at h; that common hypothesis 
of node rationality will hold at every future information set h; which player 
i believes to be reached from h;. Together with our previous insight, this 
means that common hypothesis of node rationality may be expressed, in 
terms of our base model, by forward belief in material rationality (see our 
Definition 2.7). Samet’s sufficient condition for backward induction can 
thus be phrased as follows in terms of our base model: 


Samet’s condition BR: Type t; (1) respects common belief in the event 
that types hold preferences as specified by (Pj)jer, and (2) respects forward 
belief in material rationality. 


3.10 Stalnaker’s model 


Stalnaker proposes a state-based semantic model for perfect information 
games in which every information set is controlled by a different player 
[St198]. The model we present here is not an exact copy of Stalnaker’s 
model, but captures its essential properties. A Stalnaker model is a tuple 


M = (Q, (fi, vi, AiJier) 


where Q, f; and v; are as in the Aumann model, and A; is a function that 
assigns to every state w some lexicographic probability system (see Asheim’s 
model) A;(w) on Q. That is, A;(w) is a sequence (A}(w),..., AE) where 
A*(w) is a probability distribution on Q. For every information set h let 
[A] = {w E Q | (fi(w))ier reaches h}. We assume that [h] is non-empty for 
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all h, and that »;(w) has full support on Q. By the latter, we mean that 
for every w’ € Q there is some k € {1,..., K;(w)} such that A£ (w) assigns 
positive probability to w’. As such, A; and (f;);4; induce, for every state w, 
a probabilistic belief revision policy for player 7 in the following way. For 
every h; € H¥, let k;(w,h;) be the first k such that \¥(w) assigns positive 
probability to [h;]. Then, the probability distribution p;(w,h;) on [hi] given 
i (w,hi) 

Nei w,hi (w’) 

1 Ui 
p(w, hi)(w ) yD a) 

for every w’ € [h;] represents player i’s revised belief at w upon observing 
that h; has been reached. More generally, for every event E C Q, the 
probability distribution u;(w, Æ) on E given by 


mlw, Ew) = 2 


for every w’ € E defines player i’s revised belief upon receiving information 
E. Here, k;(w, E) is the first k such that A} (w) assigns positive probability to 
E. The lexicographic probability system »;(w) naturally induces, for every 
information set h; € H*, the non-probabilistic conditional belief 


Bilw, hi) := Supp pilw, hi), 


and hence Stalnaker’s model can be expressed directly in terms of our base 
model. 

Stalnaker’s sufficient condition for backward induction consists of com- 
mon initial belief in sequential rationality, and common belief in the event 
that players treat information about different players as epistemically inde- 
pendent. Player i is called sequentially rational at w if at every information 
set h; € H;, the strategy f;(w) is optimal given the utility function v;(w) 
and the revised belief about the opponents’ strategy choices induced by 
ilw, hi) and (fj)jzi. Let Q5? be the set of states at which all players are 
sequentially rational. Common initial belief in sequential rationality can be 
defined by the following recursive procedure: 


CIBSR: SOP 
CIBSR**! = {w €Q | Bi(w,ho) C CIBSR* for all players i} 


for all k > 1. Common initial belief in sequential rationality is said to hold at 
w ifw € CIBSR¥ for all k. We say that two states w and w’ are indistinguish- 
able for player i if fi(w) = fi(w’), vi(w) = u;(w’) and pi(w, hi) = p(w’, hi) 
for all h; € H;. An event E is said to be about player i if for every two 
states w,w’ that are indistinguishable for player i, either both w and w’ 
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are in E, or none is in E. We say that at w player i treats information 
about different players as epistemically independent if for every two dif- 
ferent opponents j and £, for every event Ej about player j and every 
event Fe about player £, it holds that p(w, Ej) (E) = pi(w, QE; (Ec) 
and p;(w, Ee)(E£;) = p(w, Q\ Ee) (E3). In his theorem on page 43, Stalnaker 
shows that common initial belief in sequential rationality and common be- 
lief in the event that players treat information about different players as 
epistemically independent lead to backward induction. 

In terms of our base model, common initial belief in sequential rationality 
corresponds to the condition that a type respects common initial belief in 
the event that types initially believe in rationality at all information sets. 
The epistemic independence condition cannot be translated that easily into 
our base model. The problem is that the base model only allows for beliefs 
conditional on specific events, namely events in which some information 
set is reached. On the other hand, in order to formalize the epistemic 
independence condition we need to condition beliefs on more general events. 
There is, however, an important consequence of the epistemic independence 
condition that can be expressed in terms of our base model, namely that the 
event of reaching information set h; should not change player 7’s belief about 
the actions and beliefs of players that did not precede h;. In order to see this, 
choose a player j that precedes h; and a player £ that does not precede h,. 
Note that the event of player j choosing the action leading to h; is an event 
about player j, and that the event of player £ choosing a certain action and 
having a certain belief vector is an event about player @. Hence, epistemic 
independence says that player 2’s belief about player @’s action and beliefs 
should not depend on whether player j has moved the game towards h; 
or not. Moreover, it is exactly this consequence of epistemic independence 
that drives Stalnaker’s backward induction result. In particular, if player i 
initially believes that player £ chooses rationally at his information set he 
(which does not precede h;), then player i should continue to believe so if 
he observes that h; has been reached. If we drop the assumption that every 
player only controls one information set, the condition amounts to saying 
that a player should never revise his belief about the actions and beliefs at 
future and parallel information sets. 

In terms of our base model, Stalnaker’s sufficient condition for backward 
induction can thus be stated as follows: 


Stalnaker’s condition BR: Type t; respects common belief in the events 
that (1) types hold preferences as specified by (P;)j¢r, and (2) types do not 
change their belief about the opponents’ choices and beliefs at future and 
parallel information sets, and type t; respects common initial belief in the 
event that (3) types initially believe in rationality at all information sets. 
Halpern provides an explicit comparison between the models of Aumann 


and Stalnaker [Hag01]. 
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TABLE 1. Overview of sufficient conditions for backward induction 
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3.11 Summary 


The discussion of the various models and sufficient conditions for backward 
induction can be summarized by Table 1. 

The table shows that several sufficient conditions for backward induc- 
tion, although formulated in completely different epistemic models, become 
equivalent once they have been expressed in terms of our base model. Note 
also that there is no model assuming common belief in the events that (1) 
types always believe in rationality at all information sets, and (2) types 
never revise their beliefs about the opponents’ preferences over terminal 
nodes. This is no surprise, since the papers [Re392, Re393] have illustrated 
that these two events are in general incompatible. Perea’s model maintains 
condition (1) and weakens condition (2), while the other models maintain 
condition (2) and weaken condition (1). Finally observe that all models as- 
sume (at least) initial common belief in the event that types initially believe 
in rationality at all information sets, plus some extra conditions on the play- 
ers’ belief revision procedures. If one would only assume the former, this 
would lead to the concept of common certainty of rationality at the begin- 
ning of the game, as defined in [BP97]. This concept is considerably weaker 
than backward induction, as it may not even lead to the backward induc- 
tion outcome. Hence, additional conditions on the players’ belief revision 
policies are needed in each model to arrive at backward induction. 
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Abstract 
Infinite games have been a valuable tool to characterize classes of 
real-valued functions. In this paper we review three important exam- 
ples: the Wadge, Backtrack, and Eraser games. We then present two 
natural generalizations of these games: the Basic Multitape game and 
the Multitape Eraser game and show that both games characterize a 
class of functions satisfying a certain partition property. 


1 Notation and background 


Most of our notation and terminology is standard in descriptive set theory 
and can be found in [Ke995] or [Mo,80]. As usual, for sets A and B, 4B 
denotes the set of functions from A to B. In particular, “w denotes the set 
of functions from w to w, i.e. “w is the set of w-length sequences of natural 
numbers. The notation <“ A denotes the set of finite sequences of elements 
of A, so that <“w denotes the set of finite sequences of natural numbers. 
We use £“w to denote <“wU“w. For s € <“w, let [s] := {ue “w : s C u}. 
For x € “w and k € w, let x — k be the sequence x shifted by k places; in 
other words, (x — k)(n) := a(n + k). 

We assume that the reader is familiar with the Borel hierarchy and ©? 
and T° notation. (The reader may consult [Ke995] or [M0180] for further 
information.) 

The Baire Space is the set “w with the topology generated by the basic 
open sets {[s] : s € <“w}. As is standard in set theory, we think of ele- 
ments of “w as being real numbers. A real-valued function f : “w —> Yw 
is continuous if the preimage of every open set is open, in other words if 
f-'[Y] € E} for every Y € SP. For A C “w and f : A > “w, we say 
that f is continuous if the preimage of every open set is open in the relative 
topology of A. 

We may consider more general classes (sets) of functions as follows. 
Define F(n,m) := { f : A > “w such that for every Y € X}, f-[Y] = XNA 
for some X € X? }. For example, F(1,1) denotes the continuous functions 
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and F(1,2) denotes the set of functions for which the preimage of every 
=! set is a X$ set in the relative topology of A. (The latter are commonly 
known as Baire Class 1.) The following diagram illustrates the classes of 
functions under consideration in this paper. 


F (2,3) 


F(1,1) 


The containments in the diagram (which are in fact proper) can easily be 
seen: in general, F(n+1,m) C F(n,m) (this is immediate) and F(n,m) C 
F(n+1,m-+1). 

We use the notation Fr(n,m) to denote the set of total functions in 
F(n,m), ie. Fr(n,m) := F(n,m) N {f : w => w}. For A C “w and 
T a boldface pointclass, a ['-partition of A is a pairwise disjoint sequence 
(An : n < w) such that A, = A, N A for some Aj, E€ T, and Uncu An = A. 
For F a set of real-valued functions, we define P(T, F) := {f : A — “w such 
that there is a T-partition (A, : n < w) of A such that f[An € F}. We use 
the notation Pr(T, F) := P(T, F) N {f :’w — “w}. For example, a special 
case of a well-known theorem of Jayne and Rogers states that a function 
f : “w > “w is F(2, 2) if and only if there is a II?-partition (An : n < w) of 
“w such that ffA, is continuous; in our notation, this may be written as 
Fr (2,2) a Prf, F(1, 1)). 

As a final background note, we prove the following lemma. 


Lemma 1.1. Let X C®wandl<a<uw,. If X € yo then X = Unew Xn 
satisfying: 

1) for each n, there exists Bn < a such that Xn € T3, and 

2) n Æ M => Xn N Xn = Ø. 


Proof. We begin by proving the lemma for a = 2. Since X € X9, by 
definition there is a sequence Xn € TI? such that X = Une, Xn. Let 
Yo := Xo and for n > 0, let Yn := Xn \ (Xo U --- U Xn-1). It follows that 
Unew Yn and that the Y„ are pairwise disjoint. Moreover, each Y, is the 
intersection of a closed set Xn and an open set On := “w\(Xo0U-:-UXn-1). 
Since we are working in the Baire Space, each open set Opn is the disjoint 
union of countably many basic open (clopen) sets, from which it follows 
that each Y,, is the disjoint union of countably many closed sets Y;,,,. Since 
the countable union of countable sets is countable, the sequence Y;,,, is as 
desired. 
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For the inductive case, assume that the lemma holds for all a’ < a and 
let X € D°., By definition, X = Ue, Xn with each Xn € TI, for some 
Bn < a. Let Yo := Xo and for n > 0, let Yn := Xn \ (Xo U +- U Xn-1). 
Each Y, is the intersection of a T3, set and a De, set, so we may apply 
the inductive hypothesis and argue as before. Q.E.D. 


2 Infinite games 


We will consider a variety of infinite token games in this paper. In each 
token game, there is a set A C “w and a function f : A — “w. There 
are two players, Player I and Player II, who alternate moves for w rounds. 
Player I begins by playing xo, Player II responds with yo, Player I responds 
with z1, and so forth: 


I: Xo Ly T2 z= (Tni: nEw) 


II: Yo yı Yo y = (yn: nEw) 


Player I plays elements x; E€ w and Player II plays elements y; E€ w U 
{Ti,..., Tk} for some finite set of tokens {T1,...,T,}. Informally, each 
token corresponds to an option that Player II has in the game. At the end 
of the game, Player I has produced a sequence x € “w and Player II has 
produced a sequence y € “(wU {T1,..., Tx }). 

The sequence y is a sequence of natural numbers and tokens—however, 
the rules of the game will say how to interpret y as a sequence (finite or 
infinite) of natural numbers only. Specifically, for each game we define an 
interpretation function + : ®(w U {T1,..., Tk}) > “w. Player II wins the 
game if u(y) = f(x). (If x A then Player II wins automatically.) Note 
that if x € A, Player II cannot possibly win the game if (y) is finite. 

A strategy for Player IT is a function 7 : Sw > <“(wU{Ti,..., Tk} 
such that lh(7(s)) = lh(s) and s C t => r(s) C T(t). The argument of T 
is a finite sequence of moves by Player I and the value of 7 is a finite 
sequence of moves by Player II. Informally, 7 tells Player II what to do in 
the game. With respect to the above diagram, if Player II follows 7 then 
T({Z0,+++Lk)) = (Yo, +++, Ye) and y = Uc, T(s). 

For a strategy 7 for Player II, it is convenient to define 7 : “w —> Y (w U 
{Ti,..., Te}), 


scx 


We then define 7(x) := 1(7(x)) and say that a strategy 7 for Player II is 
winning if T(x) = f(x) for every x € A. 
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We will proceed by defining specific token games G, each with the prop- 
erty that Player II has a winning strategy in G(f) if and only if f belongs 
to some particular class of functions. 

To get started, we will review the Wadge, Backtrack, and Eraser games. 


3 The Wadge game 


The Wadge game was developed by William Wadge in his thesis [Wao83] 
to characterize the notion of continuous reduction. We present a slightly 
modified version of the Wadge game to be consistent with our paradigm. 
Fix a set A C “w and a function f : A > “w. The Wadge game Gw/(f) 
has two players, Player I and Player II, who alternate moves for w rounds. 
Player I plays elements of w and Player II plays elements of w U {P}. The 
token P is interpreted to mean “pass”. 

Formally, to define the interpretation function we first define 0 : SY (w U 
{P}) > <“w by 6(2) := Ø and 


o(s) ifz=P, 
0(s)~(z) otherwise. 


We then define iw : “(w U {P}) > “w, ww(y) := Uscy (s). Letting 
x € “w be the infinite play of Player I and y € “(w U {P}) be the infinite 
play of Player II, Player II wins the game if x ¢ A or iw(y) = f(x). (Note 
that in order to have a chance, Player II must play infinitely often in w 
if Player I plays x € A.) If r is a Wadge strategy for Player II, we let 
P(x) = Usca T(S), P(x) := bw(7(x)) and say that 7 is winning for Player 
Il if F(x) = f(x) for alla € A. 
Examples. Suppose Player II plays the sequence 


(ao, a1,P,a2,P,P,a3,...), 
the interpretation will be 
(ao, @1, 42, 43,-.-). 
Suppose Player IT plays the sequence 
(ao, a@1,P,a2,P,P,P,P,...) 
with cofinally many passes, the interpretation will be 
(do, a1, a2). 


Note that Player II cannot win in this case if Player I plays in A. 
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Theorem 3.1 (Wadge). Let A C “w. A function f : A — “w is continuous 
< Player II has a winning strategy in the game Gw(f). 


Proof. We begin by noting that 


t(x) = LU (7(s)). 
scx 
<: Suppose 7 is the winning strategy. To show that f is continuous, it 
suffices to show that the preimage of a basic open set is open in the topology 
of A. Let t € <“w and let X := U {[s] : 6(7(s)) = t}. It is not difficult to 
check that f~1{[t]] =X A. 
=>: Define 7 by 


Ata i= ae if f[[s>(m)]] C [A(r(s))> (n)], 


mh T(s)~(P) otherwise. 


It is not difficult to check that 7 is well-defined and winning for Player 
II in Gw(f). 


Q.E.D. 


4 The Backtrack game 


The Backtrack game, a generalization of the Wadge game, was developed by 
Robert van Wesep [VW78]. In the Backtrack game Gp(f), Player II plays 
elements of wU{P,B}. As in the Wadge game, the token P is interpreted to 
mean “pass.” The token B, the “backtrack” option, allows Player II to erase 
his entire output and start playing a new sequence of natural numbers. 

Let tw be defined as in the Wadge game, we define the interpretation 
function vp : “(wU {P, B}) > w, 


(y) := 


Ø if Vi Jj>i y(j) = B 
tw(y— i) ifiis least such that Yj>i y(j) 4B 


We define 7 as usual and we say that a Backtrack strategy 7 is winning 
if 7 = f(x) for all x € A. 


Examples. Suppose Player II plays a sequence that contains infinitely 
many B’s, then the interpretation will be @ and Player II can only win if 
Player I plays out of A. Suppose Player II plays the sequence 


(ao, a1, B, a2, B, a3, 44, P, A5,+-+- ) 
with two B’s only, then the interpretation will be 


(a3, Q4,@5,...). 
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By a theorem of Andretta [An06b, Theorem 20], the Backtrack game 
characterizes the P(II}, F(2,2)) functions. 


Theorem 4.1 (Andretta). Let A C “w. A function f : A —> “w is 
P (TI), F(2,2)) & Player II has a winning strategy in the game Gp(f). 


Proof. <=: Assume that 7 is winning for Player II in the game G'p(f). Since, 
in the Baire space, every 5$ set is the disjoint union of countably many TI? 
sets (Lemma 1.1), it suffices to give a D9 partition. Let An := {a € A: 
on input x, 7 backtracks n times}. Then it follows that f[A, is continuous 
using Theorem 3.1. Namely, let T’ be the following Wadge strategy for 
Player II: “On a scratch tape, run 7 until 7 has backtracked n times. Then 
use the remaining output of 7 as the output for 7’.” It is clear that 7’ 
is winning for Player II in the game Gw(f/An), so f[An is continuous. 
Moreover, it is not difficult to see that A, is D? (in the relative topology 
of A). Let p: <“(wU {P, B}) — w be defined by p(s) :=“the number of B’s 
appearing in s”. Then the formula 


Ji vj>i (p(T(z1j)) = n) 


witnesses that A, is X9. 
=>: Let (An : n € w) be given and let 7, be a winning strategy for 
Player II in the game Gw(f lAn). The following strategy is easily seen to 
be winning for Player II in the game Gg(f): “Let i := 0. Run the Wadge 
strategy 7;. If Player I plays out of A;, then this is known after some finite 
period since the complement of A; is open. Use the backtrack option and 
repeat the process with i := i + 1.” 
Q.E.D. 


By a theorem of Jayne and Rogers, we conclude that the Backtrack 
game characterizes the Fr(2,2) functions, meaning that a total function f 
is F (2,2) if and only if Player II has a winning strategy in the game Gp(f). 


Theorem 4.2 (Jayne, Rogers). A function f :%w —> “w is F(2,2) = there 
is a II? partition (A, : n € w) of “w such that fA, is continuous. In other 
words, Fr(2,2) = Pr(II}, F(1, 1)). 


The original proof may be found in [Ja,Ro182], and a more recent proof 
using embeddings may be found in [S0198]. [S0198] also provides a detailed 
analysis of the F(1,2) functions. 


5 The Eraser game 


In the Eraser game Gg(f), Player II plays elements of w U {E}, with the 
token E interpreted to mean “erase.” This option allows Player II to erase 
his most recent move in w. In contrast with the backtrack option, it is 
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possible for Player II to erase infinitely many times and still play an infinite 
sequence. 

To define the interpretation function tg, we first define 7 : <“(wU{E}) > 
<“w by recursion. Let 7(@) := Ø and let 


n(s)~(z) if z ew, 
n(s~(z)) := 4 n(s)F(b(n(s)) — 1) if z= E and Ih(n(s)) > 0, 
Ø otherwise. 


We then define ig : (w U {E}) > S*w, up(y)(n) := m if Ji Vj>i, 
n(ytj)(n) is defined and equal to m. We define 7 as usual and say that an 
Eraser strategy 7 is winning for Player II if T(x) = f(x) for all z € A. 


Examples. Suppose Player II plays the sequence 
(ao, a1, 42, E, a3, a4,..-.) 

with one E only, then the interpretation will be 

(do, 01, @3,4,...). 
Suppose Player IT plays 

(ao, a1, a2, E, a3, E, a4, E, a5, E, ..., ai, E,...) 
then the interpretation will be 
(ao, a1) 


and Player II can only win the game if Player I plays out of A. 
The Eraser game and its characterization (Theorem 5.1) are unpublished 
results due to Jacques Duparc. 


Theorem 5.1 (Duparc). Let A C Yw. A function f : A > “w is F(1,2) 
< Player II has a winning strategy in the game Gg(f). 


The proof of Theorem 5.1 relies on the following topological fact about 
F(1,2) functions (see [Ke995, Theorem (24.10)]): 


Theorem 5.2. A function f : A —> “w is F(1,2) © f is the limit of a 
sequence of continuous functions fn : A > Yw. 


Proof of Theorem 5.1. By Theorem 5.2, it suffices to show that f is the 
limit of a sequence of continuous functions fn < Player II has a winning 
strategy in the game Gg(f). 
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=>: Let fn be given and let 7, be a winning strategy in the game Gw(fn). 
Let 7 be the following eraser strategy for Player II: “Let x € A be the play 
of Player I. Let i := 0. On a scratch tape, run 7; until the first 7 elements 
of 7;(x) are determined. Then output these elements starting from the 
beginning of the tape, erasing only if necessary. Repeat the process with 
i:=i+1.” 
<: Let 7 be winning for Player II is the game Gg(f). It suffices to give 
a sequence of Wadge strategies Tn such that 7,,(x) is infinite for all x € A 
and f is the limit of the 7,. Let Tn be the following: “Let x € A be the play 
of Player I. On a scratch tape, determine 7(7(a!n)) (using the pass option 
until this is known). Then output 7(7(a[n)), followed by random moves in 
w.” 
Q.E.D. (Theorem 5.1) 


6 The Multitape game 


In the Multitape game Gm(f), Player II plays elements of w U {1,1}. We 
think of Player II as having countably many rows (or tapes), which he can 
select using T and |. We associate a natural number to each row, with 
Player II starting at row 0 at the beginning of the game. At any point in 
the game, if Player II is on row n, he may move to row n+ 1 using 7 and 
row n — 1 using J. (If he is on row 0, the | option has no effect.) So, each 
integer move occurs on some row. The interpretation is then the infinite 
sequence on the least row (if it exists) containing an infinite sequence. We 
refer to this row as the output row. 

Formally, we define the interpretation function as follows. First, define 
p: (wU {1,1 }) > w as the “row” function on finite sequences of tokens. 
Let p(@) := Ø and let 


p(s) if z ew, 
pA pls)+1 ifz=Î, 
aay T Nee 
p(s)—1 ifz=] and p(s) > 0, 
0 otherwise. 


On infinite sequences of tokens, we define a partial function 


6:"°(wU{T Lt) >w 


by letting 6(x) be the least n € w (if it exists) such that Vi 4j>7, p(alj) =n 
and z(j — 1) € w. In other words, the value of ô is the output row. 


We next define ¢, : Y (w U {1,1 }) > <“w by recursion. Let ¢,(2) := Ø 
and let 
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Cn(s)~(z) if z €w and p(s) =n, 
6n(s) otherwise. 


Gn(8~(2)) := 


In words, given a finite sequence of tokens, Çn is the output on the nth 
row. We may then define the interpretation function iy : “(wU {T,|}) > 
<w 
Sw by 


im(y) = U Cay (yln) if d(y) is defined. 


new 


If d(y) is undefined, we define u(y) := Ø. We define 7 as usual and say 
that an Multitape strategy 7 is winning for Player II if 7(x) = f(x) for all 
ceA. 


Examples. Suppose Player II plays the sequence 


(ao, 1, a1, 1, a2, ?, a3, f, . apap haaa) 


then the interpretation will be @ since Player II has only played a single 
element on each row. Suppose Player II plays a sequence 


(ao, 41,1, a2, 1,43, Ga, 1,45, a6, EF -) 


such that the output row is row 1, then the interpretation will be 


(a2, 45,46,.--)- 


Theorem 6.1 (Andretta, S.). Let A C “w. A function f : A > “%w is 
P(II9, F(1,1)) & Player II has a winning strategy in the game Gyi(f). 


Proof. <: Let 7 be the winning multitape strategy for Player II. Since every 
=3 set in the Baire Space is the disjoint union of TIY sets (Lemma 1.1), it 
suffices to give a 5? partition. 

We define An := {x € A: d(7(x)) = n}. Note that d(7(x)) is always 
defined if x € A since 7 is winning. Thus (A, : n < w) is indeed a partition of 
A. The following formula witnesses that An is X$ (in the relative topology): 


Ai Vj>i [o(r(aly)) < n = T(J) (J1) € {1,1} A 
Vi Jj>i [elr (ælj)) =n A TETI G-1) € w). 


In words, this formula says “there exists a round in the game after which 
Player II does not play an element of w on a row less than n, and Player II 
plays infinitely many elements of w on row n.” 
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Furthermore, f[A, is continuous. The following strategy is winning in 
Gw(f lAn): “Run 7 on a scratch tape. Copy the output from row n, using 
the pass option when necessary.” 

=>: Let A, be given. Since A, is II$, there are II) formulas y,(2) 
(possibly with extra parameters) such that x E€ An © Xn(x). Since xn is 
TI, we have that 


Xn (x) = Vi Ij dale, i, j) 

where Yn is a basic formula. (By a basic formula, we mean a formula in the 
language of arithmetic with bounded quantifiers only, cf. [Ka,03, p. 152].)) 
Since w, is a basic formula, for any i and j we can check whether w(x, i, j) 
is true using only a finite initial segment of x. Let x E€ “w be the infinite play 
of Player I. We are ready to define the multitape strategy 7 for Player II. 
For each row n, there will be two counters, in and jn, which are initialized 
to 0. At each stage of the game, Player II is considered to be working on a 
row n. We say that Player II works on a row n for one step if he does the 
following: 


Given in and jn, try to determine whether the formula w(x, in, jn) is 
true. Since only a finite initial segment of x is known, it may be impossible 
to do this, in which case do nothing. If the formula is true, run the Wadge 
strategy o, for one step on row n. Increment the i» counter by 1, and reset 
the jn counter to 0. If the formula is false, increment the jn counter by 1. 


In the obvious way, Player II can work on every row n for infinitely many 
steps. Since (An € w) is a partition, Player I will play into exactly one Ay. 
This means that exactly one of the formulas y,,(x) will be true, which means 
that Player II will only play infinitely often (namely, the Wadge strategy 
On) on row n. Then F(x) = En(x) = flAn(x) = f(x), so 7 is winning. 

Q.E.D. 


7 The Multitape Eraser game 


The Multitape Eraser game Gme(f) is like the multitape game, except 
that Player II is given the additional option of erasing. So, Player II plays 
elements of w U {7,|,E}. The output of Player II is the sequence on the 
least row (if it exists) on which Player II plays infinitely often in w U {E}. 
Note that this sequence may not necessarily be infinite. 

The definition of the interpretation function is similar to the case of the 
Multitape game. For convenience, we reuse some of the variables. 

Define p : <*(wU{T, |, E}) > w as the “row” function on finite sequences 
of tokens. Let p(@) := Ø and let 
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p(s) if z ew {E}, 
p(s)+1 ifz=f, 

p(s)—1 ifz=| and p(s) > 0, 
0 otherwise. 


p(s~(2)) := 


On infinite sequences of tokens, define a partial function 


ô: “(wU {1f, 1, E} ow 


by letting ô(x) be the least n € w (if it exists) such that Vi 4j>7, p(x lj) =n 
and z(j — 1) E€ wU {E}. In other words, the value of ô is the output row. 

We next define Cn : Y (w U {1, |, E}) — <“(w U {E}) by recursion. Let 
Cn (Ø) := Ø and let 


GCn(s)~(z) if z © wU {E} and p(s) =n, 
6n(s) otherwise. 


Gn(s™(2)) := 


In words, given a finite sequence of tokens, ¢, is the output (with the 
E’s still present) on the nth row. We may then define the interpretation 
function ime : “(wU {T, |, E}) > S’w by 


iME(Y) := un ( U Cay) (Y în)) if 6(y) is defined. 
nEw 
If d(y) is undefined, then we define tmely) := Ø. 
We define 7 as usual and say that a Multitape Eraser strategy T is 
winning for Player II if F(x) = f(x) for all x € A. 
Example. Suppose Player II plays a sequence 


(ao, a1, Î, Q2, Q3, 44, E, a5, E, a6, E, +++, Qi, E, ae 
such that the output row is row 1, then the interpretation will be 
(a2, a3}. 


Note that in this case, Player II can only win the game if Player I plays out 
of A. 


Theorem 7.1. Let A C “w. A function f : A > “w is P(T, F(1,2)) © 
Player II has a winning strategy in the game Gmel f). 


Proof. <=: Let 7 be the winning multitape strategy for Player II. We define 
An := {x € A: 6(7(x)) = n}. As in the proof of Theorem 6.1, it follows 
that A, is Si. 
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Furthermore, f[An is F(1,2). The following strategy is winning in 
Gp(flA,): “Run 7 on a scratch tape. Copy the output from row n, using 
the Eraser option when necessary.” 

=: As in Theorem 6.1, with “Wadge strategy” replaced by “Eraser 
strategy.” 


Q.E.D. 


8 Future directions 


We finish by noting several problems that are open (at least, as far as this 
author is aware). We state without proof the following: 


Proposition 8.1. Let m,n > 1. Then F(n,m) C F(n+1,m+1). There- 
fore, F(n,m) C F(n + k,m + k) for any k > 0. 


The following fact is also easy to show: 


Proposition 8.2. Let m,n > 2. Then P(M,_:,F(l,m -n+ 1)) C 
F(n,m). 


Proof. Let f : A > “w in P(IL),_,,F(1,m—n-+1)) and let (A; : i < w) be 
the partition. Let Y € ©? and Y; € II? _; such that Y = U; Yj. It follows 
that 


FY =U)" 
=UYU4)-"%3) 


=VJU4n Kija where Ay E€ II? 
i j 
=AN X, where X € X}. 


For the second to last equality, note that flA; E€ F(n— 1,m -— 1) by Propo- 
sition 8.1 (take k = n — 2). Q.E.D. 


Problem 8.3. For which m and n is 
Fr(n,m) = P(e, 1, F, m — n + 1))? 


In particular, the statement for n = m = 2 is Theorem 4.2. If the 
statement were to hold for n = m = 3, then the Multitape game would 
characterize the total F(3,3) functions. Similarly, if the statement were 
to hold for n = 2 and m = 3, then the Multitape Eraser game would 
characterize the total F(2,3) functions. 


Problem 8.4. Is the inclusion in Proposition 8.1 always proper? 
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Problem 8.5. For n > 2 and m > 1, is F(n,m) properly contained in 
F(n—1,m)? 
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Abstract 


Games with imperfect information have escaped the interest of re- 
searchers in combinatorial game theory. This paper discusses a com- 
putational case study of the board game of Scotland Yard. Interest- 
ingly, Scotland Yard is a genuine “playgame” with imperfect infor- 
mation. We show by means of a powerset argument, that Scotland 
Yard can also be considered a game of perfect information, that is 
isomorphic to the imperfect information variant. Using the powerset 
analysis, we show that Scotland Yard has PSPACE-complete com- 
plexity be it with or without imperfect information. In fact, imperfect 
information may even simplify matters: if the cops are supposed to be 
consequently ignorant of Mr. X’s whereabouts throughout the game 
the complexity is NP-complete. 


1 Introduction 


1.1 Background 


The discipline of combinatorial game theory (CGT) deals almost exclusively 
with zero-sum games with perfect information. Although the existence of 
games with imperfect information is acknowledged in one of CGT’s seminal 
publications [Be;Co3Gu282, pp. 16-7], only a marginal amount of litera- 
ture appeared on games with imperfect information. Yet, the number of 
publications on games with perfect information is abundant and offers a 
robust picture of the computational behavior of games: One-person games 


* I wish to thank the organizers of the seventh August de Morgan workshop for inviting 
me to present my research. I gratefully acknowledge Peter van Emde Boas for carefully 
proofreading an earlier version, and Ulle Endriss for his remarks that lead to Section 7. 
I’m greatly indebted to the anonymous referees whose comments helped to improve 
the presentation of this paper. I thank Berend ter Borg for repairing my English in 
parts of this paper. 

Finally, let me acknowledge Victor de Boer, Berend ter Borg, and Sicco Kuijper 
with whom I played many games of Scotland Yard on Sunday afternoons, already 
more than ten years ago. 


Johan van Benthem, Dov Gabbay, Benedikt Löwe (eds.). Interactive Logic. Proceedings of 
the 7th Augustus de Morgan Workshop, London. Texts in Logic and Games 1, Amsterdam 
University Press 2007, pp. 209-246. 
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or puzzles are usually solvable in NP and many of them turn out to be com- 
plete for this class.! Famous examples include the games of Minesweeper 
[Ka500] and Clickomania [Bio+02]. Alternation increases complexity con- 
siderably: many two-player games have PSPACE-hard complexity, such as 
Go [Li,Si280] and the semantic evaluation game of quantified boolean formu- 
lae [StgMe273, Sco78]. Some even have EXPTIME-complete complexity. 
Typical examples in this respect are the games of Chess [FroLi,81] and 
Checkers [Fr9+78]. By and large, games with EXPTIME-complete com- 
plexity have a loopy nature, that is, the same configuration may occur over 
and over again. In real-life, loopy games may not be that much fun to play, 
as they allow for annoyingly long runs in which neither player makes any 
progress. Loopy runs are banned from Chess by postulating that, roughly 
speaking, no configuration of the game may occur more than three times. 

Amusingly, putting an upper-bound on the duration of the game not 
only avoids loopy sequences of play, but also has considerable computational 
impact. Papadimitriou [Pa494, pp. 460-2] argues that every game that 
meets the following requirements is solvable in PSPACE: 


e the length of any legal sequence of moves is bounded by a polynomial 
in the size of the input; and 


e given a “board position” of the game there is a polynomial-space al- 
gorithm which constructs all possible subsequent actions and board 
positions; or, if there aren’t any, decides whether the board position 
is a win for either player. 


Note that Papadimitriou does not even mention the fact that this result 
concerns games of perfect information. The result stands due to the fact that 
the backwards induction algorithm (see also Section 2) can be run on the 
game’s game tree in PSPACE, given that it meets the above requirements. 

As for games of imperfect information, some studies have been performed 
and they invariable report an increase of complexity. Convincing results in 
this vein are given in [Ko3Mep92], where the authors show that it is possible 
to decide whether either player has a winning strategy in a finite, two-player 
game of perfect information using a polynomial time in the size of the game 
tree. On a positive note, they show that there is a P-algorithm that solves 
the same problem for games of imperfect information with perfect recall. 
However, if one of the players suffers from imperfect recall the problem of 
deciding whether this player has a winning strategy is NP-hard in the size 
of the game tree. 

In [Re184, Pe3AzRe101] the authors regard computation trees as game 
trees. This view on computation trees is adopted from [ChoKogSt¢81], in 


1 To solve a game is to determine for an instance of the game whether a designated 
player has a winning strategy. 
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which so-called alternating Turing machines are considered which have ex- 
istential and universal states. The aspect of alternation is reflected in the 
computation tree by regarding it as a game tree of a two-player game. The 
nodes corresponding to existential (universal) states belong to the existential 
(universal) player. From this viewpoint, non-deterministic Turing machines 
have no universal states and thus give rise to one-player game trees. In 
[Re184, Pe3AzRe101] this idea is extended to games of imperfect informa- 
tion. The authors define private alternating Turing machines, which give 
rise to computation trees that may be regarded as two-player game trees in 
which the existential player suffers from imperfect information, among other 
devices. It is shown that the space complexity of f(n) of these machines 
is characterized in terms of the complexity of alternating Turing machines 
with space bound exponential in f(n). Moreover, it is shown that private 
alternating Turing machines with three players—with two of the players 
teaming up—can recognize undecidable problems in constant space. 
Dramatic as these results may be, being general studies they cannot 
tell us what the computational impact of the imperfect information found 
in actual games is. That is, games developed to be played rather than to 
be analyzed.” It may well turn out that the imperfect information in these 
games has little computational impact and that the games themselves match 
the robust intuitions we have about the computational nature of perfect in- 
formation games. As we pointed out before, there is but a small number 
of results concerning games with imperfect information, let alone computa- 
tional studies of parlor games. For this reason, we shall consider the game 
of Scotland Yard which gamers have enjoyed since 1983.3 Readers familiar 
with Scotland Yard will acknowledge that it is the imperfect information 
that makes the game an enjoyable waste of time and enthusiastic accounts 
of players’ experiences with Scotland Yard are readily found on the Internet. 


1.2 Game rules 


We shall now give an outline of the rules of Scotland Yard. Note how- 
ever that this description serves mainly to stress the kinship between the 
formalization used in this paper and the actual game. A complete set of 
game rules of the formalization is supplied in the next section and suffices 
to understand the formal details. 

Scotland Yard is played on a game board which contains approximately 
200 numbered intersections of colored lines denoting available means of 


2 Fraenkel [Fro02, p. 476] makes the distinction between “PlayGames” and “Math- 
Games”. The former being the games that “are challenging to the point that people 
will purchase them and play them”, whereas the latter games “are challenging to a 
mathematician [...] to play with or ponder about.” 

3 Scotland Yard is produced by Ravensburger/Milton Bradley and was prestigiously 
declared Spiel des Jahres in 1983. 
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FIGURE 1. The box of Scotland Yard and its items, amongst which the 
game board, Mr. X’s move board, and the players’ pawns. This picture is 
reproduced with permission of Ravensburger. 


transportation: yellow for taxis, green for buses, and pink for the Under- 
ground. A game is played by two to six people, one of them being Mr. 
X, the others teaming up and thusly forming Scotland Yard. They have a 
shared goal: capturing Mr. X. Initially, every player gets assigned a pawn 
and an intersection on the game board on which his or her pawn is posi- 
tioned. Before the game starts every player gets a fixed number of tickets 
for every means of transportation. Mr. X and the cops move alternatingly, 
Mr. X going first. 

During every stage of the game, each player—Mr. X or his adversaries— 
takes an intersection in mind connected to his or her current intersection, 
subject to him or her owning at least one ticket of the appropriate kind. For 
instance, if a player would want to use the metro from Buckingham Palace, 
she would have to hand in her metro ticket. If either player is out of tickets 
for a certain means of transportation, he cannot travel along the related 
lines. Every player’s set of tickets is known to all players at every stage of 
the game. No player is allowed to stand still for one or more round. For 
cops it is not allowed to share the same node; in case a cop gets stuck, i.e., 
she cannot move to any node from her current position, she is out of the 


game.* 


4 The latter two conditions are ignored in this paper’s abstraction. We suspect they 
would not affect the computation results, though. 
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Scotland Yard is sold as a 2-to-6 player game. But nothing essential gets 
lost when one player controls several or all cops pawns, since communication 
between the cops is allowed at all times. 

If a cop has made up her mind to move to an intersection, this is indi- 
cated by her moving the pawn under her control to the intersection involved. 
However, when Mr. X has made up his mind he secretly writes the intersec- 
tion’s number in the designated entry of the move board and covers it with 
the ticket he has used. The cops know what means of transportation Mr. X 
has been using, but do not know his position. After round 3, 8, 13, 18, and 
24, however, Mr. X is forced to show his whereabouts by putting his pawn 
on his current hideout. 

The game lasts for 24 rounds during which Mr. X and the cops make 
their moves. If at any stage of the game any of the cops is at the same 
intersection as Mr. X the cops win. Since Mr. X is invisible most of the 
time, he has to actually reveal himself once caught. It is rather pointless for 
Mr. X to not announce his loss, as the cops can reconstruct his path using 
the game board when the game has ended. If Mr. X remains uncaught until 
after the last round, he wins the game. Cops who have a suspicious nature 
may want to check whether Mr. X’s secret moves were consistent with the 
lines on the game board when the game is over. To this end, they would 
match the numbers on the move board with the returned tickets. If it turns 
out that Mr. X has cheated at any point or has actually been caught, he 
loses no matter what the outcome of the game. 

In view of these game descriptions, the generalization of the Scotland 
Yard game in Definition 1.1 may strike the reader as a natural abstraction. 
The reader will observe that the number of means of transportation is re- 
duced to one and that the game board is modelled by a directed graph. 
However, all results in this paper can be taken to hold for instances where 
several means of transportation and undirected graphs are involved. 


Definition 1.1. Let G = (V, E) be a finite, connected, directed graph with 
an out-degree of one or higher. That is, for every v € V, there is av’ € V, 
such that E(v,v’). Let u,vi,...,Un E€ V. Let f : {1,...,k} — {show, hide} 
be the information function, for some integer 2 < k < |V|. Then, let 
(G, (u,v1,---,;Un), f) be a (Scotland Yard) instance. Most of the time it will 
be convenient to abbreviate a string of vertices v1,...,Un by v. Conversely, 
u(i) shall denote the ith element in Y. By {v} we refer to the set of all 
vertices in 0. 

For U C V write E(U) to denote {u’ € V | E(u,u’), for some u € U}. 
If v, € V”, then write E(v,v’) to denote that for every 1 < i < n, 
E(v(i), v (i)). 
5 Note that this is the description of the actual Scotland Yard game. My formalization— 

to be provided—has slightly different winning conditions. 
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The information function f controls the imperfect information through- 
out the game. If round i has property f(i) = hide, Mr. X hides himself. As 
will be seen the information function gives an intuitive meaning to “adding” 
and “removing” imperfect information from a Scotland Yard game. For in- 
stance, if one restricts oneself to information functions with range {show}, 
Mr. X shows his whereabouts after every move and one is effectively consid- 
ering a game of perfect information. Under the latter restriction, one has 
arrived at so-called graph games, also called Pursuit or Cops and robbers. 
For an exposition of the literature on graph games, consult [Go Re295]. 


1.3 Aims and structure 


The aims of this paper are twofold. First to pinpoint the computational 
complexity of a real game of imperfect information. Secondly, we go through 
a reasonable amount of effort to spell out the relation between the game of 
Scotland Yard and a game of perfect information that is highly similar to the 
former. More precisely, we show that the games’ game trees are isomorphic, 
and that a winning strategy in the one game constitutes a winning strategy 
in the other and vice versa. These similarity results may convince the reader 
that in some cases the wall between perfect and imperfect information is 
not as impenetrable as one might induce from the scarce literature on the 
complexity of imperfect information games. 

As we pointed out before, the definition of Scotland Yard instance ab- 
stracts away from features of the game of Scotland Yard that are inessential 
to this paper’s aims. In fact, all that a Scotland Yard instance holds is 
a graph, a set of vertices on which the pawns are initially positioned, the 
duration of the game, and a means to control the imperfect information. 
In my view, the level of abstraction employed in Definition 1.1 justifies 
one’s conceiving Scotland Yard instances as graph games. For this reason, I 
think that my analyses are not solely relevant to the specific game of Scot- 
land Yard, but to the theory of graph games in general. Nevertheless, I 
shall continue to refer to the games under consideration using the colloquial 
Scotland Yard terminology. 


Section 2 reviews the basic notions from game theory and complexity 
theory and fixes notation. In Section 3, we shall define the extensive game 
form of the Scotland Yard game to which a Scotland Yard instance gives 
rise. In Section 4, we define a perfect information variant of Scotland Yard. 
In this perfect information game, Mr. X picks up sets of vertices, but he 
does so in public. In Section 5, we show that the games that have been 
introduced admit for a bijection between the imperfect information game’s 
information partitions and the histories in the perfect information Scotland 
Yard game. Furthermore, we show that both games, under the bijection 
analysis, are equivalent, i.e., the cops have a winning strategy in the im- 
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perfect information game iff they have one in the perfect information game. 
In Section 6, the computational results are presented. In accordance with 
many polynomially bounded two-player games, Scotland Yard is complete 
for PSPACE, despite its imperfect information. That is, the computational 
complexity of Scotland Yard does not change when one only considers in- 
formation functions with range {show}. 

In fact, if one would add more imperfect information to the extent that 
the information flow function has range {hide}, the resulting decision prob- 
lem is easier: NP-complete. This is shown in Section 7. Finally, Section 8 
concludes the paper. 


2 Preliminaries 


In this section, we introduce some basics from game theory and complexity 
to make this paper reasonably self contained. 


2.1 Game theory 


Key notion in this paper is the notion of extensive game with imperfect 
information. One may consider this an extension of the notion of extensive 
game with perfect information, due to [vNMo44]. 

A win-loss extensive game with perfect information G is a four-tuple 
(N, H, P,U), where 


e N is the set of players. Referring to the number of players, G is called 
an || N||-player game. 


e H is a set closed under prefixes and denotes the set of histories. A 
history shall be regarded as an ordered list (a1,...,@n) of actions. If 
h = (a1,..-,Qn), then (h,a’) denotes (a1,...,@n,a’) and is called an 
immediate successor of h. A(h) denotes all actions that extend h. Let 
Z be the subset of H whose histories cannot be extended. Z is called 
the set of terminal histories. 


e P is the player function, that assigns to every non-terminal history h 
a player P(h). Formally, P is a function of type (H-Z) —> N. We 
say that a history h belongs to P(h). 


e U is the utility function, assigning to every terminal history one win- 
ning player. 


Let G be a win-loss extensive game with perfect information as above. 
Then, a function S' is called a strategy for player i € N in G, if it maps 
every history h belonging to i, to an action in A(h). Let S be a strategy 
for player i in G. Then, call a history h = (a1,...,@,) in accordance with 
S, if for every proper initial prefix h’ = (a),...,a,) of h, where k < n, such 
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that P(h’) = i, it is the case that (a1,...,a%,S(h’)) is also an initial prefix 
of h. Furthermore, if for every history h that is in accordance with S it is 
the case that U;(h) = i, then S is called a winning strategy for i in G. 

Let G be a win-loss extensive game with perfect information, that is 
also two-player. The backwards induction algorithm, due to [Ze13], decides 
whether player i has a winning strategy. The algorithm takes G as input 
and goes about as follows: 


e Label all terminal histories h in G with U(h). 


e Until the initial history £ has been labelled, consider every unlabelled, 
non-terminal history h in G and do as follows: 


— If P(h) = i and there is an immediate successor history h’ of h 
labelled 2, then label h with i. 


— If P(h) # i and every immediate successor history h’ of h is 
labelled j € (N — {i}), then label h with lose. 


An easy inductive argument shows that the backwards induction algorithm 
labels the empty history with i iff player i has a winning plan of action in 
G. Papadimitriou [Pa494] showed that the backwards induction algorithm 
can be implemented in such a way that it consumes polynomial space in the 
size of the input, given that the game meets the aforementioned conditions. 

Extensive games with imperfect information extend extensive games 
with perfect information in that they are five-tuples (N, H, P, (Zi)ien, U), 
carrying information sets T; for every player i € N. The other notions are 
similar to the ones defined for extensive games with perfect information. 
An information set Z7; = {h,...,J,} is a partition of the set of histories 
belonging to player i, that meets the action consistency requirement: if h 
and h’ sit in I € Z;, then A(h) = A(h’). Every partition in an information 
set is called an information partition. If I € Z;, player i is said to own 
I and Z;, or they are said to belong to i. Intuitively, an extensive game 
with imperfect information models the situation in which player i knows 
that some history h € I € T; has happened, but she is unable to tell h 
apart from the other histories in J. The requirement that all histories in 
an information partition can be extended by the same actions—the action 
consistency requirement—captures the idea that otherwise the player own- 
ing the information partition could deduce information about the actual 
history from the actions available. If I € Z;, write A(T) to denote A(h), for 
an arbitrary h € I. 

Let G = (N, H, P, (TiJien, U) be an extensive game with imperfect in- 
formation. Then, a function S is called a strategy for player i in G, if it 
maps every information partition J € Z; belonging to ¿i onto an action in 


AD). 
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In the context of win-loss games, a strategy © for player i is called 
winning in G if every terminal history h that is in accordance with S yields 
U(h) =i. 


2.2 Complexity theory 


Complexity theory measures the complexity of a decision problem in terms 
of the requires resources, such as time and space. We refer the reader for 
an excellent introduction to this exciting field to [Pa494]. 

In this paper, the complexity classes NP and PSPACE play a central 
role. The notion of polynomial-time computable many-one reduction is sim- 
ply referred to by reduction. Recall that if there is a decision problem to 
which every decision problem in a complexity class, say NP, is reducible, 
then this decision problem is NP-hard. If moreover this decision prob- 
lem itself is solvable in NP, then we call it NP-complete—and likewise for 
PSPACE. 

A convenient family of decision problems is related to propositional logic. 
In this paper, we use two logical decision problems: 3-SAT and QBF. The 
former is NP-complete, whereas the latter is PSPACE-complete. 

To introduce the problems properly, let me introduce some folklore ter- 
minology from propositional logic. A literal is a propositional variable or 
a negated propositional variable. A clause is a disjunction of literals. A 
boolean formula is in conjunctive normal form (CNF), if it is a conjunction 
of clauses. A boolean formula is said to be in 3-CNF, if it is in CNF and 
all of its clauses contain exactly three literals. The decision problem 3-SAT 
consists of every satisfiable 3-CNF formula y, that is, every y for which 
there exists a truth assignment to its variables that makes y true. 

The decision problem QBF has quantified boolean formulae as instances, 
i.e., objects of the form Va idy1...Vt%ndyn vy, in which ọ is a boolean for- 
mula in 3-CNF over the variables 71, 41,...,;2n,Yn- The problem QBF asks 
whether for every truth value for xı, there is a truth value for y1, and for 
every truth value for x2, ..., such that the boolean formula y is satisfied by 
the resulting truth assignment. 


3 Scotland Yard formalized 


In this section, we define the extensive games with imperfect information 
that are constituted by Scotland Yard instances. 


Let sY = (G, (us, 0x), f) be a Scotland Yard instance as in Definition 1.1. 
Before we define the extensive game form of the Scotland Yard game to 
which sy gives rise, let me formulate the game rules of the game under 
consideration in terms of SY. 

The digraph G is the board on which the actual playing finds place. 
In the initial situation of the game n + 1 pawns, named V, 31,..., Jn, are 
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positioned on the respective vertices Ux, U.(1),..., U (n) on the digraph. 
The game is played by the two players J and V over k rounds, and with 
every round 1 < i < k in the game the property f(z) € {show, hide} is 
associated. Note that we converted the n-player game of Scotland Yard, 
where 2 < n < 6 into a two-player game in which one player controls 
all pawns d1,..., Jn. Furthermore, for reasons of succinctness we use the 
symbol VY to refer to Mr. X (male) and J to refer to the player controlling 
Scotland Yard (female). Somewhat sloppily, sometimes we shall not make 
a strict distinction between a player and (one of) his or her pawns. 

The initial positions of the players’ pawns are known at the outset of 
the game. Fix i = 1, u = ux, and U= Ux; round i of Scotland Yard goes as 
follows: 


1. If for some 1 < j < n, the pawns Y and 3; share the same vertex, i.e., 
u = U(j), V is said to be captured (by 3;). If V is captured the game 
stops and 4 wins. If V is not captured and z > k the game also stops 
but 4 loses. 


2. V chooses a vertex u’, such that E(u,u’). If f(i) = show, Y physically 
puts his pawn on u’. If f(i) = hide, he secretly writes u’ on his move 
board making sure that it cannot be seen by his opponent. Set u = uw’. 


3. Player J chooses a vector Y € V”, such that E(v,v’), and for every 
1 < j < n, moves pawn J, to v’(j). Set v= v. 


4. Seti =i+1. 


Note that these game rules do not consider the possibility of either player 
getting stuck, as in not being able to move a pawn under his or her control 
along an edge. This goes without loss of generality, as the digraphs at stake 
are supposed to have out-degree > 1. 

Furthermore, it should be borne in mind, that for V it is not a guaranteed 
loss to move to a vertex occupied by one of 3’s pawns. The game only 
terminates after 3 has moved and one of her pawns captures V, unlike the 
game rules for the board game of Scotland Yard. 

Observe that 3 loses only after k rounds of the game have been played. 
If it so happens that the game terminates after the jth round, for j < k, 
then 4 has won. 

Scotland Yard is modelled as an extensive game with imperfect infor- 
mation in Definition 3.1. The upcoming definition and Definition 4.1 are 
notationally akin to the definitions in Section 2. 


Definition 3.1. Let sy = (G, (us, Us), f) be a Scotland Yard instance. 
Then, let the extensive Scotland Yard game constituted by SY be defined as 
the tuple SY(sy) = (N, H, P,~,U), where 
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e N = {5,V}. 


e In order to define H, let ¢ add to every finite tuple (a1,...,@n) the in- 
teger ([n/2])—1. Then, H is the smallest set containing (ux), (Ux, Us) 
and is closed under actions taken by V and 3: 


— If (h,u,v) € A, e((h,u,v)) < k, u ¢ {0}, and E(u,u’), then 
(h, u, v, u’) € H. 


— If (h,u,v,u’) € H and E(v,w’), then (h, u, 0, w’, 0) € H. 


For h € H, (h) denotes the number of rounds of h. For instance, 
L( (Ux, Ux) ) = 0 and L( (ux, Ux, U1, U1, W2)) = 2. Somewhat unlike custom 
usage in game theory, the length (h) of history h does not coincide 
with the number of plies in the game. This notation is chosen to 
reflect the game rule saying that a history only terminates after 3 has 
moved—that is, after every completed round. 


Let < be the immediate successor relation on H. That is, the smallest 
relation closed under the following conditions: 
— If h, (h,u) € H, then h ~ (h, u). 
— If (h, u), (h, u,v) € H, then (h, u) < (h, u,v). 
e Due to the notational convention, the value of the player function 


P is easily determined from the history’s form, in the sense that 
P((h,u)) = 3 and P((h, u,v)) = Y, no matter h, u, and v. 


e ~ is the indistinguishability relation that formalizes the imperfect in- 
formation in the game. It is defined such that for any pair of histories 
h,h' € H of equal length, where 


h = (ux, Ox, U1,01,...,U3) and R = (u,,0,,u,,0,,...,u,) (1.1) 
it is the case that h ~ h’, if 
(a) vj = v}, for every 1 < j <i—1; and 
(b) uj = uj, for every 1 < j < i such that f(j) = show. 


The previous condition, considering histories as in (1.1), defines ~ 
only as a relation between histories h belonging to J. This reflects the 
fact that it is 3 who experiences the imperfect information. Somewhat 
unusual, we extend J’s indistinguishability relation ~ to histories in 
which Y has to move. The reader is urged to take this extension as 
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a technicality. We put as follows: for any pair of histories h, h’ € H, 
where 


h = (ux, x, U1, 14s. By) and h = (ux, Ds, Hy D,- oo, Uh, T 
(1.2) 
it is the case that h ~ h’, if 
(a) vj = Uj, for every 1 < j < i; and 
(b) uj = uj, for every 1 < j < i such that f(j) = show. 


e U : Z — {win, lose} is the function that decides whether a terminal 
history (h, u,v) is won or lost for 3. Formally, 


win if we {v} 


U((h, u, )) = { lose ifu ¢ {v}. 


Note the discrepancy with the definition of utility functions in Sec- 
tion 2. As this papers is only concerned with 3’s having a winning 
strategy, we found the current utility function more convenient. 


Since ~ is reflexive, symmetric, and transitive it defines an equivalence 
relation on H. We write H C p(H) for the set of equivalence classes, or in- 
formation cells, in which H is partitioned by ~. That is, H = {C1,..., Cm}, 
where C1 U... U Cm = H and for every 1 < i < m, if h € Ci andh~h’, 
then h’ € Ci. A standard inductive argument suffices to see that for every 
Ci € H and pair of histories h, h’ € C;, the length of h and h’ coincides and 
P(h) = P(h’). 

We lift the relation < to H, using the same symbol: For any pair C, C” € 
H, we write C < C” if there exists histories h € C and h’ € C” such that 
h < kW. It is easy to see that if h,h’ are histories in a cell C € H, then 
P(h) = P(h’). Thus, the player function is meaningfully lifted as follows: 
if C € H and h is a history in C, then P(C) = P(h). Call a cel C € H 
terminal if all its histories are terminal. 

Since we study an extension of ~, the set H partitions all histories in 
H. As we pointed out in the definition of ~, if histories h and h’ stand 
in the ~ relation and belong to V, this should not be taken to reflect any 
conceptual consideration about 3’s experiences. Yet, if h and h’ belong to 
J, to write h ~ h’ reflects genuine indistinguishability for player 3 between 
the two histories h and h’. Consider the set Ha = {C € H | P(C) = 3}, 
that partitions the set of histories that belong to 4. We claim that Ha is 
an information set in the sense of Section 2, that is, it meets the action 
consistency requirement. A proof to this effect is straightforward. 

The notion of winning strategy readily applies to the games SY (sy), 
despite the fact that J’s indistinguishability relation is modelled by ~ and 
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not by the customary (Z;)ien. We claim without proof that the “extended 
usage” of ~ does not affect 3’s having a winning strategy. To formulate this 
claim more precisely, let G(sY) model the Scotland Yard game constituted 
by sy using the customary information partitions. Then, J has a winning 
strategy in G(Sy) iff she has one in SY (sY). 


For future reference, we lay down the following proposition. 


Proposition 3.2. Let SY(sy) = (N,H,P,~,U) be the Scotland Yard 
game constituted by sy. Then, the following statements hold: 


(1) If (hy, U1) ~ (hg, u2) and fhai, ur))) = hide, then hy ~ hg. 
(2) If (hy, U1) ~ (hg, u2) and flh, u1))) = show, then hı N ho and 


U1 = Ua. 
(3) If (hi, ur, 01) ~ (h2, U2, U2), then (hi, u1) ~ (he, ug) and vı = V2. 
(4) If hy £% he and (hy, u1), (ho, u2) E€ H, then (hi, u1) £ (he, u2). 

Proof. Readily observed from the definition of ~ in Definition 3.1. Q.E.D. 


Example 3.3. As an illustration of modelling a Scotland Yard instance® as 
an extensive game with imperfect information, consider the digraph G* = 
(V*, E*), where 

v* {ux, vx, a,b, A, B,1, 2,3} 

EX = {(uxz,a), (ux, b), (a, 1), (b, 2), (b,3), 

(vx, A), (vx, B), (A, 1), (B, 2), (B,3)}. 

For a depiction of GX, see Figure 2. Let f% be an information function 
such that f*(1) = hide and f*(2) = show. Conclude the construction of 
the Scotland Yard instance sy“, by putting u. and v, as the initial vertices 


of V and 4, respectively. In SY(sy”), the set of histories H contains exactly 
the following histories: 


(tn Ue) 
(Ux, Ux, a) (ux, Uxa, B,1) (ux, Ux, a, B,1,3) 
(Ux, Ux, b) (Ux, Ux, b, A, 2) (Ux, Ux, b, A, 2,1) 
(Ux, Ux, a, A) (Ux, Ux, b, A, 3) (Ux, Ux, b, A, 3,1) 
(Ux, Ux, a, B} (Ux, Ux, 6, B,2) (Ux, Ux, b, B,2,2) ! 
(Ux, Ux, b, A) (ux, Vx, b, B,3) (Ux, Ux, b, B, 2,3) 
(Ux, Vx, b, BY (Ux;Ux,@,A,1,1)! (us, vs, b, B,3, 2) 
bis ht: A,1) (Us, Vx, a, B,1, 2) bag an B,3,3) ! 


6 The digraph under consideration does not have out-degree > 1. The game terminates 
after two rounds, so adding reflexive edges on the vertices 1, 2, and 3 goes without 
affecting the winning conditions of the game. 
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FIGURE 2. The digraph G”, allowing for a two-round Scotland Yard game. 


The terminal histories marked with an exclamation mark are winning his- 
tories for 4. Because f*(1) = hide, the game at hand is a genuine game of 
imperfect information. This fact is reflected in the set of information cells 
H, containing the following three non-singletons: 


{ (tx, Va, @), (ux, Vx, b) }, 


{(ux, Vx, a, A), (ux, Ux, b, A)}, 
{(us,U«,@, B}, (ux, vx, b, BY}. 


(Note that under the customary definition of ~, one would not have the 
latter two information cells, as they belong to V.) Game theorists often find 
it convenient to present extensive games as trees, as in Figure 3. 


4 A perfect information Scotland Yard game 


We observed that Scotland Yard is a game with imperfect information and 
in Definition 3.1, we modeled it as an extensive game with imperfect in- 
formation. This model one may find Scotland Yard’s canonical means of 
analysis, for admittedly, it gives a natural account of the imperfect infor- 
mation that makes Scotland Yard such a fun game to play. Canonical or 
not, this does not imply, of course, that Scotland Yard can only be ana- 
lyzed as an imperfect information game. In the remainder of this section 
we shall show how a Scotland Yard instance may also give rise to a game 
of perfect information. The underlying idea has it that during rounds in 
which V moves and hides his whereabouts, he now picks up a set of vertices 
that contains all vertices where he can possibly be, from the viewpoint of 
J. In case V has to show himself, he selects one vertex from the current set 
of vertices and announces this vertex as his new location. 
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FIGURE 3. A graphical representation of the Scotland Yard game played 
on the game board constituted by the digraph G* from Figure 2. A path 
from the root to any of its nodes represents a history in the game. For 
instance, the path u,,b, A,2 corresponds with the history (ux, Ux, b, A, 2). 
The information cells are indicated by the shaded areas. The cells marked 
with an exclamation mark are won by J. 


FIGURE 4. A graphical representation of the Scotland Yard-PI game 
played on the game board constituted by the digraph G% from Figure 
2. A path from the root to any of its nodes represents a history in the 
game. For instance, the path ux, {a,b}, A, {2} corresponds with the history 
({ux}, vx, {a,b}, A, {2}). The cells marked with an exclamation mark are 
won by J. 
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More abstractly, V’s powers are lifted from the level of picking up vertices 
to the level of picking up sets of vertices. J’s powers remain unaltered, 
as compared to the game with imperfect information that was explicated 
above. 

Modelling imperfect information by means of a power set construction— 
as we are about to do—is by no means new. For instance, the reader 
may find this idea occurring in the computational analyses of games with 
imperfect information [Re184, PezAzRe01]. In logic, the idea of evaluating 
an Independence-friendly logic-sentence with respect to a set of assignments 
underlies Hodges’ trump semantics [Ho,97a]. In automata theory, the move 
to power sets is made when converting a non-deterministic finite automaton 
into a deterministic one, see [Ho,UI79]. 

As regards every single one of these disciplines, however, observe that 
the object that was analyzed through power sets is substantially more com- 
plex/powerful/bigger than the original object. For instance, in [Pe3AzRe101] 
it was shown that three-player games with imperfect information can be 
undecidable. In the realm of IF logic it was proven [Ca ;Ho,01] that no 
compositional semantics can be given based on single assignments only. It 
is well known that in the worst case converting a non-deterministic finite 
automaton makes the number of states increase exponentially. 

In view of these results it is striking that one can define a Scotland 
Yard game with perfect information using a power set argument, without 
experiencing a combinatorial explosion, cf. Theorem 6.3. What is meant 
by “highly similar” is made precise in Section 5. First let me postulate the 
game rules for the Scotland Yard game with perfect information and define 
its extensive game form in Definition 4.1. 


Let sy = (G, (ux, Ux), f) be a Scotland Yard instance as in Definition 1.1. 
The initial position of the Scotland Yard-PI game constituted by Sy is sim- 
ilar to the initial position of the Scotland Yard game that is constituted by 
sy. That is, a Y pawn is positioned on u, and for every 1 < j < n, the J; 
pawn is positioned on v(j). In Scotland Yard-PI, Y does not have one pawn 
at his disposal but as many as there are vertices in G. 

Fix i= 1, U = {u}, and y = V; round i of Scotland Yard-PI goes as 
follows: 


1-PI. If U — {0} = Ø, then the game stops and J wins. If U — {0} # Ø and 
i > k the game also stops but J loses. 


2-PI. Let U’ = E(U — {v}). If f(z) = hide, then set U = U’ and VY positions 
a V pawn on every vertex v in U. If f(i) = show, then VY picks a vertex 
u’ € U’, removes all his pawns from the board, and puts one pawn on 
u’. Set U = {u'}. 
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3-PI. Player J chooses a vector v € V”, such that E(v,0’), and for every 
1 < j < n, moves pawn J; to v’(j). Set v= v. 


4-PI. Set i =i+1. 


Clearly, for arbitrary sy, the Scotland Yard-PI game constituted by sy is 
a game of perfect information. Thus extensive game theory provides natural 
means of analysis. 


Definition 4.1. Let sy = (G, (us, U+), f) be a Scotland Yard instance. 
Then, let the extensive Scotland Yard-PI game constituted by SY be defined 
as the tuple SY-PI(sy) = (Npr, Hpi, Per, Upi), where 


e Np; = {3, V}. 


e Hpi is the smallest set containing the strings ({u.}), {ux}, Us), that 
is closed under taking actions for 3 and V: 


— If (h, U, 0) € Hpi, €((h,U,0)) < k, FUR, U, T) +1) = hide, and 
U — {0} Æ @, then (h, U, v,E(U _ {v})) € Hpi. 


— If (h,U, 0) € Hpi, &((h,U, 8) < k, and f(£((h, U, 8) +1) = show, 
then {(h, U, 0, {u'}) | u’ € E(U — {a})} C Apr. 


— If (h,U,8,U") € Hp; and E(@, 0’), then (h,U,@,U',#) € Hpi. 


Let <p, be the immediate successor relation on Hpy. That is, the 
smallest relation closed under the following conditions: 


— If h,(h,U) € Hpy, then h <p (h, U}. 
— If (h,U), (h, U, 0) € Hpi, then (h, U} ~py (h, U, U). 
e Again, the value of P is readily determined from the history’s form, 


in the sense that P((h,U)) = 3 and P((h, U,v)) = V, no matter h, U, 
and v. 


e Naturally, 


win if U -— {0} = Ø 


U((h,U,0)) = { lose if U — {0} # Ø. 


These definitions may be appreciated best by checking SY-PI(sy*), 
where sy* = (G*, (ux, 0x), f%} and G* is the digraph depicted in Fig- 
ure 2. We skip writing down all histories in this particular game, leaving 
the reader with a graphical representation of its game tree in Figure 4. 
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5 An effective equivalence 


In this section, the similarity between Scotland Yard and its perfect infor- 
mation variant is established. Making use of this similarity, we prove in 
Theorem 5.7 that for any instance Sy, J has a winning strategy in SY (sY) 
iff she has one in SY-PI(Sy). In order to prove this result it will be shown 
in Lemma 5.6 that the structures (H, <} and (Hp, <pr) are isomorphic, in 
virtue of the bijection £. 

Main result of this subsection resides in Lemma 5.6, saying that the 
structures (H,~<) and (Hpr,~<p1) are isomorphic. The witness of this iso- 
morphism is the bijection Ø, shortly defined in Definition 5.1. The inter- 
mediate results can be proved by inductive arguments. As the proofs do 
not contribute too much to the content of this paper we decided to not 
incorporate them. The reader can find a detailed account of these proofs in 
[Se206]. 

The function (@ is a map from histories in the perfect information game 
SY-PI(sy) to information cells in the game SY (sy). An information cell 
is a set of histories that cannot be distinguished by 3. The perfect infor- 
mation Scotland Yard game was defined in such a way that 3’s imperfect 
information in SY (sY) is propagated to perfect information about sets in 
SY-PI(sy). It will be observed through the map that there is a bijection 
between information cells—sets of histories—in the imperfect information 
game, and histories in the perfect information game that hold sets of ver- 
tices owned by Y. Thus, 8 is a map from the information cells in SY (sy) to 
histories in SY-PI(sy). 


Definition 5.1. Let SY (sY) and SY-PI(sy) be games constituted by sy. 
Define the function 8 : Hp; > (H) inductively as follows: 


BCU) = {(u)} 
Busy, 0) = {Cus Oe) } 
B((h,U)) = {(g,u)€ H | 9 € ph), uE U} 
B((h, U, 0) = {(g,u,0) € H | (g,u) € B((h,U))}. 


The function ( is (partially) depicted in Figure 5 mapping the histories 
from SY-PI(sy*) to sets of histories from SY (sY *%). 


Proposition 5.2 states that if in a history h € Hp; a pawn (owned by 
either player) is positioned on a vertex, then also in ((h) there exists a 
history in which this vertex is occupied by a pawn. 


Proposition 5.2. For every history h’ € Hpy, the following hold: 


(1) If h’ = (h,U) and f(€((h,U))) = hide, then it is the case that U = 
{u | (g,u) € H, for some g € G(h)}. 
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FIGURE 5. A partial depiction of the bijection @ from histories in 
SY-PI(sy*) to sets of histories from SY(SY*). ( is displayed using sev- 
eral kinds of arrows to enhance readability. Note that this visualization 
does not reflect any conceptual difference. Sets of histories in the range 
of B (found in the right-hand structure) turn out to be information cells, 
cf. Lemma 5.5. 
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(2) If P(h’) = V and f(¢(h’) +1) = show, then it is the case that {u | h’ < 
(h’, {u}), for some (h’, {u}) € Hpr} = {u | (g,u) € H, for some g € 
B(A')}. 

(3) If h’ = (h,U) € Hp, and u €E U, then there exists a history g € G(h) 
such that (g,u) € H. 


(4) If h’ = (h,U,v) € Hpi, then it is the case that 6((h,U,v)) equals 
{(g,u, 0) | (g,u) € Bh, U))}- 


Proposition 5.3 is the converse of the previous proposition, as it links up 
histories in H with histories in Hpy. 


Proposition 5.3. For every g’ € H, the following hold: 


(1) If g’ = (g, u) € H, then there exists a (g, U) € Hp; such that g € G(h) 
and ue U. 


(2) If g’ = (g,u,¥) € H, then there exists a (h, U, u} € Hp; such that 
(g,u) € B((A,U)) and = v. 


For @ to be bijection between Hp; and H, it ought to be the case that 
B has range H rather than p(H). We lay down the following result. 


Lemma 5.4. @ is a function of type Hpy > H. 

The latter lemma is strengthened in the following lemma. 

Lemma 5.5. @ is a bijection between Hp, and H. 

The isomorphism result follows from tying together the previous statements. 
Lemma 5.6. The structures (Hpr, <pr) and (H, <) are isomorphic. 


Proof. Lemma 5.5 showed that @ is a bijection between Hp; and H. It 
remains to be shown that 8 preserves structure, that is, for every pair of 
histories h, h’ € Hp, it is the case that h <py h’ iff O(h) < G(h’). Recall that 
for C” € H to be the immediate successor of C € H, there must exist two 
histories g, g’ from C, C”, respectively, such that g < g’. The claim is proved 
by a straightforward inductive argument on the length of the histories in 
Hp. We shall omit spelling out the details of the proof, only mentioning 
the Propositions on which it relies: 


From left to right. Follows from Proposition 5.2 (3) and (4). 
From right to left. Follows from Proposition 5.3 (1) and (2). Q.E.D. 


The Complexity of Scotland Yard 229 


Scotland Yard and its perfect information variant are highly similar in 
the sense that the game trees to which the games give rise are isomorphic. 

The structures (Hp 1, <pr) and (H, <) are not only isomorphic, they also 
preserve the property of being winnable for the cops. To flesh out this claim, 
let f: B — Cand g : A — B be functions. Then, f-g denotes the function 
of type A — C such that for every a € A, f - g(a) = f(g(a)). 

Making use of the fact that (Hpi, ~<pr) and (H,<) are isomorphic, an 
inductive argument proves that S is a winning strategy in SY-PI(sy) iff S- 8 
is a winning strategy in SY(sy).’ Thus, we arrive at the following result. 


Theorem 5.7. Let Sy be a Scotland Yard instance. Then, 3 has a winning 
strategy in SY(Sy) iff she has a winning strategy in SY-PI(sy). 


6 Scotland Yard is PSPACE-complete 


In this section, we define Scotland Yard as a decision problem and prove 
that it is PSPACE-complete, both the perfect and the imperfect informa- 
tion game. Hence, the imperfect information in Scotland Yard does not 
increase the game’s complexity, under the current analysis. 


Let SCOTLAND YARD be the set of all Scotland Yard instances Sy such 
that J has a winning strategy in SY(Sy). As a special case let the set of 
Scotland Yard instances SCOTLAND YARD g equal 


{(G, (ux, Ux), f) E SCOTLAND YARD | f has range {%}}, 


where # € {show, hide}. 

In this section, we show that SCOTLAND YARD and SCOTLAND YARDshow 
both are complete for PSPACE. From this one may conclude that the 
imperfect information in Scotland Yard does not have a computational im- 
pact. Surprisingly, if 4 cannot see the whereabouts of V at any stage of 
the game, the decidability problem ends up being NP-complete. That is, 
SCOTLAND YARDhide is complete for NP. The latter claim is substantiated 
in Section 7. 


Lemma 6.1. SCOTLAND YARD € PSPACE. 


Proof. Required is a PSPACE algorithm that for arbitrary Scotland Yard 
instances SY decides whether 3 has a winning strategy in SY(sy). By The- 
orem 5.7, it is sufficient to provide a PSPACE algorithm that decides the 
same problem with respect to SY-PI(sy). This equivalence comes in useful, 
because SY-PI(sy) is a game of perfect information and can for this reason 
be dealt with by means of the traditional machinery. In fact, the very same 


T One of the anonymous referees made the valuable point that winning strategy preser- 
vation follows almost directly from the fact that the two structures are isomorphic. 
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machinery supplied by Papadimitriou cited in Section 1 will do. Recall that 
Papadimitriou, namely, observed that deciding the value of a game with 
perfect information can be done in PSPACE if the following requirements 
are met: 


e the length of any legal sequence of moves is bounded by a polynomial 
in the size of the input; and 


e given a “board position” of the game there is a polynomial-space al- 
gorithm which constructs all possible subsequent actions and board 
positions; or, if there aren’t any, decides whether the board position 
is a win for either player. 


It is easy to see that SY-PI(sy) meets those conditions. As to the first one, 
namely, the length of the description of any history is polynomially bounded 
by the number of rounds k of the game. By assumption k < ||V|| < ||Sy||, 
whence the description of every history is polynomial in the size of the input. 
As regards the second condition, if (h, U,v) is a non-terminal history, then 
its successors are either (depending on f) only (h, U, U, {wi,...,Wm}) or all 
of (h,U,v,{w1}),...,(h,U,%,{wm}), where E(U — {v}) = {w1,..., Wm}. 
Those can clearly be constructed in PSPACE. 

In the worst case, for an arbitrary history (h,U,v,U’) owned by J there 
are ||V ||" many vectors v such that E(v,v’), where n is the number of 
Js pawns on the game board. This number is exponential in the size 
of the input. Nevertheless, every vector Y in V" = {v1,..., uy }" can 
be constructed in polynomial space, simply by writing down the vector 
(v1,-..,01) E€ V” that comes first in the lexicographical ordering and suc- 
cessively constructing the remaining vectors that follow it up in the same 
ordering. Q.E.D. 


Hardness is shown by reducing from QBF. 
Lemma 6.2. SCOTLAND YARDshow is PSPACE-hard. 


Proof. Given a QBF instance Y = Vaidy....Vtndyn p, where yp = C1 A 
... A Cm is a boolean formula in 3-CNF, it suffices to construct in P a 
Scotland Yard instance Syy, such that 7% € QBF if and only if Syy € 
SCOTLAND YARDshow. To this end, let me construct the initial position 
of the game constituted by Syy. The formal specification of Sy, follows 
directly from these building blocks. 

Set i = 0. For i < n + 1, do as follows: 


e If i = 0, lay down the opening-gadget, that is schematically depicted 
in Figure 6.a. Moreover, distribute the pawns from 


(aries i ena yis yas Vt 
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over the vertices of the opening-gadget as indicated in its depiction. 


e If 1 < i < n, first put the x;-gadget at the bottom of the already 
constructed game board. Next, put the y;-gadget below the justly 
introduced x;-gadget. Figures 6.b and 6.c give a schematic account 
of the x;-gadget and y;-gadget, respectively. (Note that as a result of 
these actions, every vertex in the board game is connected to at least 
one other vertex, except for the ones on the top row of the opening- 
gadget and the ones on the bottom row of the y;-gadget.) 


e Ifi = n + 1, put the clause-gadget (see Figure 6.d) at the bottom of 
the already constructed board game. This gadget requires a little tin- 
kering before construction terminates, in order to encode the boolean 
formula y by adding edges to the clause-gadgets (not present in the 
depiction), as follows: 


— For every variable z € {#, y} and clause C in y: If z occurs as a 
literal in C, then join the vertices named “+z” and “C” by an 
edge. If ~z occurs as a literal in C, then join the vertices named 
“2” and “C” by an edge. 


e Settz=i4+1. 


Note that the board game can be considered to consists of layers, that 
are indicated by the horizontal, dotted lines. These layers are numbered 
—2,-1,...,4n + 5, enabling us to refer to these layers when describing 
strategies. Note that the division in layers is not complete: in between layer 
4(i—1)+3 and layer 4(i—1)+4 of the x;-gadget are two floating vertices. 

The formal specifications of the graph and the initial positions of SY are 
easily derived from the previous descriptions. Therefore, SY, is fully speci- 
fied after putting f : {1,...,4n +5} — {show}. Hence, sy, is an instance 
of SCOTLAND YARDshow- 


It remains to be shown that Yy E€ QBF iff sY, € SCOTLAND YARDshow- 


From left to right. Suppose {true, false} = w, then there is a way of 
subsequently picking truth values for the existentially quantified variables 
that renders w’s boolean part y true, no matter what truth values are 
assigned to the universally quantified variables. 3's winning strategy in 
SY(SY,) (being witness of the fact that Syy E SCOTLAND YARDshow) shall 
be read off from the aforementioned way of picking. We do so by interpreting 
moves in SY(SY,) as assigning truth values to variables and vice versa: 
Actions performed by V from layer 4(i — 1) + 1 to layer 4(i — 1) + 2 will be 
interpreted as assigning a truth value to the universally quantified variable 
zi. In particular, a move by V to the vertex named “+a,” (“—x;”) will 
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FIGURE 6. The gadgets that make up the initial position of the board 
game constituted by SY (sY). The dotted lines are merely “decoration” of 
the game board, to enhance readability. The horizontal, dotted lines are 
referred to as “layers”. 
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be interpreted as assigning to x; the value true (false). Conversely, if 3’s 
way of picking prescribes assigning true (false) to y; this will be reflected 
in SY(SYy) by moving 3„, to the vertex named “+y;” (“—y,;”) on layer 
4(¢—1) +5. 

Roughly speaking, 3 goes about as follows: when she is to chose between 
moving J4, to the vertex named “+y;” or “—y;” she understands V’s previous 
moves as a truth assignment and observes which truth value is prescribed 
by the way of picking. Next, she interprets this truth value as a move in 
SY(SY,) as described above and moves d,, to the according vertex. This 
intuition underlies the full specification of 3’s strategy, described below: 

For 0 <i<n+1 let J's strategy be as follows: 


e Above all: If any pawn can capture V, do so! 


e For every pawn that stands on a vertex on layer 7 that is connected to 
exactly one vertex on layer 7 + 1, move it to this vertex. If the pawn 
at stake is actually 4,, standing on a vertex on layer 4(i — 1) + 3, it 
cannot move to the vertex on layer 4(i — 1) + 4, because there is a 
vertex v in between. In this case, move Jy, to v and on the next round 
of the game move it downwards to layer 4(i — 1) + 4. 


e If J,, stands on a vertex on layer 4(i — 1) + 2, then move it to the 
vertex on layer 4(i — 1) + 3 that is connected to the vertex where V is 
positioned. 


e If 4,, stands on a vertex on layer 4(i — 1) + 4, and the way of picking 
prescribes assigning true (false) to y;, then move it to the vertex on 
layer 4(i — 1) + 5 that is named “+y;” (“—y;”). 


e If da stands on a vertex on layer j that has two successors on layer 
j +1, then move it along the left-hand (right-hand) edge, if j is even 
(odd). 


e If 5, (for z € {z, y}) stands on a vertex on layer 4n+4 and this vertex 
is not connected to a vertex on which V is positioned, move it along 
an arbitrary edge (possibly upwards). 


As to V’s behavior we claim without rigorous proof that after 4n + 4 
rounds of the game (that is, without being captured at an earlier stage of 
the game) he has traversed a path leading through exactly one of the vertices 
named “+a,” and “—a,”, for every x; E€ {7}, ending up in a vertex named 
“C”, for some clause C in y. To see that this must be the case: moving V 
upwards at any stage of the game results in an immediate capture by Ja. 
(In fact, 4a’s sole purpose in life is capturing V, if he moves upward.) If V 
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is moved to one of the reflexive vertices on layer 4(¢ — 1) + 3 he is captured 
by Jz; who moves along the reflexive edge. 

Upon arriving at layer 4n + 4, pawn 3, (for z € {#,y}) stands on a 
vertex named “+z” or “—z”, reflecting that z was assigned true or false, 
respectively. By assumption on the successfulness of the way of picking, 
that guided 3 through SY(sy,), it is the case that the truth assignment 
that is associated with the positions of the pawns dz,,...,dz,,,dy,,--+, dyn 
makes y true. That is, under that truth assignment, for every clause C in p 
there is a literal L that is made true. Now, if L = z, then 4, stands on the 
vertex named “+z” and this vertex and the vertex named “C” are joined 
by an edge; and if L = ~z, then 4, stands on the vertex named “—z” and 
this vertex and the vertex named “C” are joined by an edge. So no matter 
to which vertex named “C” pawn V moves during his 4n+5th move, for at 
least one z € {7,9} it is the case that 4, can move to this vertex named 
“C” and capture him there. 


From right to left. Suppose {true, false} jÆ w, then there is a way of 
picking truth values for the universally quantified variables that renders the 
boolean part false, no matter what truth values are subsequently assigned 
to the existentially quantified variables. We leave out the argumentation 
that this way of picking constitutes a winning strategy for V in SY(SyY,), 
as it is similar to the argumentation in the converse direction. But note 
one crucial property of V’s winning strategy: it moves pawn V downwards, 
during every round in the game. Therefore, the only round in which it can 
be captured is the last one: on a vertex on layer 4n + 5. 

Close attention is required, though, to 4’s behavior. That is, it is to be 
observed that 4 cannot change her sad destiny (losing) by deviating from 
the behavior specified in the rules below. The gist of this behavior is that 
it results in pawn Jz, remembering V’s moves on layer 4(¢— 1) + 1 and that 
after 4n+4 rounds the pawns d,z,,...,de,,dy,,---, dy, all stand on a vertex 
on layer 4n+4. The point is that just as above, the positions of these pawns 
on vertices on layer 4n + 4 reflect a truth assignment. This time however, 
the truth assignment falsifies the boolean part y. 


The rules are as follows: 


(1) If 3;, stands on a vertex on layer 4(i — 1) + 2, then move it to the 
vertex on layer 4(i — 1) + 3 that is connected to the vertex where V is 
positioned. 


(2) If J4 stands on a vertex on layer j that is connected to two vertices 
below, then move it along the left-hand (right-hand) edge, if j is even 
(odd); or along the right-hand (left-hand) edge, if j is even (odd). 
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FIGURE 7. Positions on the game board that may occur if 3 does not play 
according to rule (1) and (2), depicted in (a) and (b), respectively. 
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(3) For every pawn that stands on a vertex on layer j that is connected 
to exactly one vertex on layer j + 1, move it to this vertex. (With the 
same exception as before with regard to Jy, standing on a vertex on 
layer 4(i — 1) + 3.) 


We argue that not behaving in correspondence with (1)-(3) will also result 
in a loss for d: 


(1) Suppose J+, stands on the vertex on layer 4(i—1)+2, with two options: 
u and v. Let u be the vertex on layer 4(i — 1) + 3 that is connected to 
the vertex where V is positioned (see Figure 7.a). For the sake of the 
argument let us suppose that J+; is moved to v, violating rule (1). In 
that case, V may safely move to u. If V continues the game by moving 
its pawn downwards it wins automatically, since after the final round 
(round 4n + 5) its pawn stands on a vertex on layer 4n + 4, due to 
the extra vertex sitting in between layers 4(i—1)+3 and 4(i— 1) +4, 
without there being any opportunity for J to capture him. As such, 
the pawn Jy, is forced to remember what vertex V visited on layer 
4(i— 1) +2: the one named “+2;” or “—2;”. 


(2) Suppose J4 stands on a vertex on layer 4(i — 1) + 1 and from there 
moves along the right-hand edge twice (see Figure 7.b). V can exploit 
this move by moving as he would move normally, except for round 
4n + 5, during which he moves upwards. This behavior results in a 
guaranteed win for V, since none of 4’s pawns is pursuing V closely 
enough to capture it, after moving upwards. 


(3) Suppose any pawn controlled by 4 moves upwards instead of down- 
wards. This can never result in a win for J, because V (behaving as 
he does) can only be captured in the last round of the game, on a 
vertex on layer 4n +5. In particular, any pawn J,., for z € {z, y}, the 
shortest path to a vertex on layer 4n + 5 is of length 4n +5. Now, if 
J, is moved upwards, it cannot (during the last round of the game) 
capture V. 


This concludes the proof. Q.E.D. 
The previous two lemmata are sufficient arguments to settle completeness. 


Theorem 6.3. SCOTLAND YARD and SCOTLAND YARDshow are PSPACE- 
complete. 


Proof. Lemma 6.1 holds that SCOTLAND YARD is solvable in PSPACE. 
To check whether an instance sy has a function f with range {show} is 
trivial, therefore, also SCOTLAND YARDshow is solvable in PSPACE. 
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PSPACE-hardness was proven for SCOTLAND YARDshow in Lemma 6.2. 
Since the latter problem is a specialization of SCOTLAND YARD, it follows 
immediately that SCOTLAND YARD is PSPACE-hard as well. Hence, both 
problems are complete for PSPACE. Q.E.D. 


7 Ignorance is (computational) bliss 


Intuitively, adding imperfect information makes a game harder. However, 
if one restricts oneself to Scotland Yard instances in which V’s whereabouts 
are only known at the beginning of the game, then deciding whether 3 has 
a winning strategy is NP-complete, cf. Theorem 7.3. After the proof of 
this theorem, we argue that from a quantitative point of view it is indeed 
harder for 4 to win an arbitrary Scotland Yard game, thus backing up our 
pre-computational intuitions. 


Lemma 7.1. SCOTLAND YARDhide € NP. 


Proof. We make use of the equivalence between the Scotland Yard game and 
its perfect information counterpart Scotland Yard-PI. It suffices to give an 
NP algorithm that decides whether J has a winning strategy in an arbitrary 
SY-PI(sy), where Sy’s information function has range {hide}. That is, for 
every integer i on which f is properly defined, we have that f(z) = hide. 
Let me now repeat the game rule from page 224 that regulates V’s behavior 
in the game of Scotland Yard-PI: 


2-PI. Let U’ = E(U — {v}). If f(i) = hide, then set U = U’ and Y 
positions a V pawn on every vertex v iff v € U. If f(i) = show, 
then V picks a vertex u’ € U’, removes all his pawns from the 
board, and puts one pawn on u’. Set U = {u’}. 


Since for no 1 <i < k, f(t) equals show, we can harmlessly replace it by 
the following rule: 


2-PI’. Set U’ = E(U — {v}) and Y positions a V pawn on every vertex 
v iffu € U. 


Doing so yields a game in which V plays no active role anymore, in the 
sense that the set U at any round of the game is completely determined 
by Js past moves. Put differently, any game constituted by an instance 
of SCOTLAND YARDhide is essentially a one-player game! Having obtained 
this insight, it is easy to see that the following algorithm decides in non- 
deterministic polynomial time whether 3 has a winning strategy in the k- 
round SY-PI(sy): 


e Non-deterministically guess a k number of n-dimensional vectors of 
vertices v1, ..., Uk E V”. 
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e Set U = {u.}, U = Ux, and i = 1; then for i < k proceed as follows: 
— If E(v,%;), then set v = U;; else, reject. 
— If (U — {v}) = Ø, then accept; else, set U = (U — {v}). 
— Seti =i+1. 


e If after k rounds there are still Y pawns present on the game board, 
reject. 


This algorithm is correct: J has a winning strategy in SY-PI(sy) iff it 
accepts SY. Hence, SCOTLAND YARDhide is in NP. Q.E.D. 


To prove hardness, we reduce from 3-SAT, assuming that no clause in a 
3-SAT instance contains two copies of one propositional variable. This goes 
without loss of generality. 


Lemma 7.2. SCOTLAND YARDhide is NP-hard. 


Proof. To reduce from 3-SAT, let y = C1 A...ACym be an instance of 3-SAT 
over the variables 71,...,£,. On the basis of y we shall construe a Scotland 
Yard instance SY, such that ¢ is satisfiable iff 3 has a winning strategy in 
SY-PI(sy,). In fact, Sy, will be read off from the initial game board that 
is put together as follows. 

Set i = 0; for i < n proceed as follows: 


e If 1 =0, lay down the clause-gadget from Figure 8.a. The sub-graphs 
H; are fully connected graphs with four elements, whose vertices are 
connected with the vertices wj, for 1 < j < m. 


e If 1 <i < n, put the x;-gadget to the right of the already constructed 
game board, see Figure 8.b. It will be convenient to refer to the vertex 


i 


q’ by means of —',,, and +444. 
For every 0 < j < m, do as follows: 
—If z; occurs as a literal in Cj, add the edges (+4, wj) and 
(wj, +541): 
— If =x; occurs as a literal in Cj, add the edges (—%, wj) and 
(wj, —F41)- 
— Add the edges (vj, han) and (uj, +444). 
Note that Co refers to no clause, and that —!,,,;=+),4,=¢@. 


e Seti =i+1. 
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FIGURE 8. The gadgets that make up the initial position of SY-PI(sy,). 
The sub-graph H; is a fully connected graph with 4 elements, all of whose 


vertices are connected with the vertex wj. 
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The Scotland Yard instance sy, is derived from the board game: the di- 
graph is completely spelled out and the initial positions are as indicated 
in the gadgets. Note that the every vertex in the constructed digraph 
has at least one outgoing edge. In fact the reflexive edges in sê and tt 
serve merely to accomplish this fact. Therefore, Sy, is fully specified af- 
ter putting f : {1,...,2m + 2} — {hide}. Hence, Sy, is an instance of 
SCOTLAND YARDhide- 


It remains to be shown that y € 3-SAT iff Sy, E SCOTLAND YARDhide- 


By Theorem 5.7, it is sufficient to show that y € 3-SaT iff 3 has a 
winning strategy in SY-PI(sy,). 

From left to right. Suppose ọ is satisfiable, then there exists a truth 
assignment t : {7} — {true, false} such that for every clause C} in y, there 
exists at least one literal that is true under t. Let us describe a strategy for 
J that is based on ¢ and argue that it is in fact a winning strategy for her 
in SY-PI(sy,,): 


e If J; stands on the vertex on layer 0 and t(a;) = true (false), then 
move it to +4 (—{) on layer 1. 


e If J; stands on —' (+4), and —‘ (+4) happens to be connected to 
wj, then move it to wj. If 3; stands on —4 (+4) and —§ (+3) is not 


a he Ale j 
connected to wj, then move it to d} (e§). 


e If 4; stands on wj, move it to +4,4, for + € {+,—}. Note that this 
move is deterministic, since there is an edge from w; to + 4+1; Say, only 
if x; occurs as a literal in C;. By assumption of y being an instance 
of 3-SAT, it cannot be the case that also =z; occurs as a literal in C}. 
Hence, there is no edge from w; to —‘,4. 


e If J; stands on di (eż) then move it to —S41 (+541). If J; stands on 
dj, or em then move it to q’. 


e If 4; stands on qf, then move it to sê if t(a;) = true and to t’ if 
t(a;) = false. 


Observe that if 4 plays according to the above strategy, every pawn 4; will 
eventually traverse either all vertices —{,...,—', or all vertices +4,...,+%,, 
given that t(x;) = false or t(x;) = true, respectively. 

To show that this strategy is indeed winning against any of V’s strategies, 
consider the sets of vertices U; that V occupies on the clause-gadget and 
the x;-gadget, after round 0 < j < 2m + 2 of the game in which 3 moved as 


described above. Initially, V has one pawn on vo; thus, Uj = {vo}. Let us 
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suppose without loss of generality that t(a;) = true. Then, Uj = {ui,—{} 
as the V pawn put on +4 is captured by 3;. We leave it to the reader to 
check that for 1 < j < m — 1, it is the case that 


U3; = {vj d3} 


i = i 
U3541 = {Uj+1, aii, =j 


The crucial insight being that the Y pawn put on w; can be captured iff there 
exists at least one literal in C; that is made true by t. Since t was assumed to 
be a satisfying assignment, there must be at least one J pawn that captures 
the universal pawn on wj. It is prescribed by the above strategy that 3; is 
moved to any w;-vertex, if possible. Furthermore, it is required to return 
to the x;-gadget on the next round of the game, capturing the Y pawn that 
was positioned on +4, ,, from vj. 

After round 2m — 1, V cannot continue walking on the safe path de- 
fined by vo, U1,---,Um3 es he has one pawn on Vm and two pawns per 
xi-gadget: U3, = ió di ‘ }. The pawn put on g from Vm is captured by 
J; coming from ef,, so we get that U3smi1 = {p'}. Following the strategy 
above, 4 moves J; from gf to s’, whence U3,,,5 = Ø. Since i was chosen 
arbitrarily, it is the case that y has no pawns left on any xz;-gadget and 
therefore has lost after exactly 2m + 2 rounds of playing. 


From right to left. Suppose vy is not satisfiable, then for every truth 
assignment t to the variables in y, there exists a clause C; in y, that is 
made false. In the converse aitection o this proof, we concluded that every 
J; traverses one of the paths —{,...,—1,,q' and +5,..., +5,0, depending 
on t(x;). This behavior We al in accordance bith iie truth value t(2;) 
assigned to xi; if this behavior is displayed with respect to every 1 <i<n, 
then we say that it is in accordance with the truth assignment t. 

For now, assume that 3 plays in accordance with some truth assignment 
t. Since y is not satisfiable, it is not satisfied by t either. Therefore, there 
is a clause C} that is not satisfied by t. This is reflected during the playing 
of the game by the fact that after round 27 there is a Y pawn positioned on 
wj that cannot be captured by any 4;. This state of affairs will result in a 
win for V, as he positions pawns on every vertex in H; during round 27 + 1. 
By construction, H; is a connected graph on which he can keep on putting 
pawns indefinitely. 

Remains to be shown that 3 cannot avoid losing by deviating from play- 
ing in accordance with some truth assignment. We make the following 
claims: (A) If after round 1 < 27 — 1 < 2m + 1 there is an į such that no J 
pawn is positioned on -} or +, then 3 loses. (B) If after round 2 < 2j < 2m 
there is an 3 pawn positioned on cj or fj, then 4 loses. We prove this by 
induction. While proving these claims, we take the easily derived fact for 
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granted that during round 27 — 1 of the game V has a pawn on u; and that 
during round 2j of the game Y has a pawn on vj. 

_ Base step. (A) Suppose after round 2m-+1 no J pawn is on £ (recall that 

—=m+1 = Sg = = qf). Then, there is a V pawn on gf, since by construction 
of the game board, Um is connected to gq’. During the next round, V has 
pawns on both sê and tt, none of which is captured by J, as she has no 
pawns on the «;-gadget. 

(B) Suppose after round 2m there is an J pawn positioned on cf, say. 
We make a case distinction regarding the state of affairs after round 2m+1: 
(i) there is an J pawn on qf. Obviously, this pawn cannot be the one on 
ci, after round 2m, since there is no edge from c$, to qf. Therefore there 
are two of 4’s pawns on the x;-gadget. As there are exactly n pawns at J’s 
disposal, during round 2m + 1 there is an x;,-gadget avoid of J3 pawns. In 
particular, there is no J pawn on q”. Applying clause (A), yields that 3 
cannot win from this position. (ii) There is no J pawn on qt. Then, there is 
a V pawn on q’ after round 2m+1, coming from vm. Therefore, after round 
2m + 2 there is a Y pawn on tł; since J can only capture V’s pawn at st. 

Induction step. (A) Suppose after round 1 < 27 — 1 < 2m — 1 there is 
an 7 such that no 4 pawn is positioned on = or +. Since V has a pawn 


on vj—1 after round 2j — 2, he has pawns on both —į 


; and +5 after round 
2j — 1. If after the next round Y occupies the vertices c, di,e or di, e$ €$» f 
this implies that one of J’s pawns is on cå or fi, respectively. But then 
she loses in virtue of the inductive ee of (B). So, suppose that after 
round 2j V occupies all the vertices cj, dj, e%, fi. Then, for the x;-gadget 
to be cleansed of V pawns it is prescribed that on some later round of the 
game there are at least two 3 pawns on this gadget. But then on this round 
the inductive hypothesis of (A) applies, yielding that 4 loses. 

(B) Suppose after round 2 < 27 < 2m — 2 there is an 3 pawn positioned 
on cj, say. Then, after round 2j + 2 the same pawn is positioned on cj. 
‘Applyiie the inductive hypothesis of (B) teaches that 4 loses. 


We leave it to the reader to check that if 3 plays in such a way that if 
during any of the rounds of the game the premises of (A) and (B) do not 
apply, then she plays in accordance with some truth assignment. However, 
also playing according to any truth assignment is bound to be a losing way 
of playing, as we argued earlier. This concludes the proof. Q.E.D. 


Tying together the latter two theorems yields NP-completeness for the 
specialization of Scotland Yard in which V does not give any information. 


Theorem 7.3. SCOTLAND YARDhide is NP-complete. 


Proof. Immediate from Lemmas 7.1 and 7.2. Q.E.D. 
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G-Din (+1) (k-2)(k-1j 


FIGURE 9. The forked graph F. 3 has a winning strategy iff she knows V’s 
position during round j. 


From a computational point of view it is easier to solve the decision 
problem SCOTLAND YARD, when V does not reveal himself during the game. 
Yet, in a quantitative sense it becomes harder for 3 to play this game, in 
that there are games in which 3 has no winning strategy if V does not reveal 
himself at all, but she would have had a winning strategy if V was to reveal 
himself at least once. To make this claim precise fix two functions g and h, 
where 


g:{1,...,k} — {hide} and Ah: {1,...,k} — {hide, show} 


such that h(j) = show, for some j. We leave it to the reader to check that 3 
has a winning strategy in SY(F, (ux, Ux), h) but none in SY(G, (us, Us), g). 
In the latter games, F is the graph depicted in Figure 9. 


8 Concluding remarks 


By means of a power set construction we observed that imperfect informa- 
tion of vertices can be propagated to perfect information of sets of vertices, 
without affecting the property of the cops having a winning strategy, cf. The- 
orem 5.7. Lemma 6.1 shows that the decision problem SCOTLAND YARDshow 
is PSPACE-hard; Theorem 6.3 shows that that it is PSPACE-complete. 
This finding is in line with the literature on combinatorial game theory, since 
the former decision problem concerns two-player graph games with perfect 
information. More surprisingly, it was shown in Lemma 6.1 that the power 
set analysis does not come at a computational cost: also SCOTLAND YARD 
is solvable in PSPACE. 

The question why, on an abstract level, the imperfect information in 
Scotland Yard does not increase the computational complexity is not ad- 
dressed in this paper. Thus, a direction for future research is to explore what 
are Scotland Yard’s properties that cause it to behave like most two-player 
games with perfect information. 

We made the point that under the current analysis, Scotland Yard games 
enjoy the same level of abstraction as graph games. Still the games under 
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consideration form a coherent lot. To name some of their shared properties: 
the duration is bound by the graph’s size; the imperfect information satisfies 
perfect recall; the information function cannot account for very subtle pat- 
terns of ignorance; and, the graphs were only supposed to have out-degree 
> 1. Thus a more general theory is desirable that charts the computational 
landscape of imperfect information graph games. In particular the question 
is worthwhile under what conditions the complexity of graph games does 
not increase when imperfect information is inserted. 
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Abstract 


The aim of the present paper is to discuss two different approaches 
for formulating independence friendly (IF) modal logic. In one of 
them, the language of basic modal logic is enriched with the slash 
notation familiar from IF first-order logics, and the resulting logic 
is interpreted in terms of games and uniform strategies. A different 
approach is formulated in the present paper: an IF modal logic is 
defined by imposing conditions on its structural relationships to other 
logics, namely a specified modal logic (say, basic modal logic), its 
first-order correspondence language, and IF logic. We compare logics 
emerging from the two approaches. More generally, the issue of the 
Eigenart of IF modal logics is addressed. 


1 Introduction 


Already in the seminal publications on independence friendly first-order 
logic (IF logic) [Hi,95, Hi, 96, Hi;Sa489, Sa493], applications were pointed 
out involving a first-order modal setting. It was argued that the logical 
form of some natural language sentences is best captured by formulas that 
allow for slashing relative to modal operators—marking certain logical op- 
erators as independent of modal operators in whose syntactic scope they 
nevertheless lie. In the first publications that developed an independence 
friendly modal logic, Bradfield [Bro00] together with Fréschle [BroFr402a] 


* We wish to thank Peter van Emde Boas, Tapani Hyttinen and Jouko Väänänen for 
helpful discussions, and the anonymous referee for most useful suggestions and criti- 
cisms. 


Johan van Benthem, Dov Gabbay, Benedikt Löwe (eds.). Interactive Logic. Proceedings of 
the 7th Augustus de Morgan Workshop, London. Texts in Logic and Games 1, Amsterdam 
University Press 2007, pp. 247—280. 
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interpreted the logic’s independence indications using a combination of tran- 
sition systems with concurrency and games of imperfect information. Tu- 
lenheimo [Tu,03, Tu;04] together with Hyttinen [Hy:Tu105] showed that a 
reasonable IF modal logic can be defined simply using Hintikka’s original 
idea of implementing logical independence by informational independence 
in the sense of game theory [Hi,73, Hi,95, Hi, 96]. To model logical indepen- 
dence, this suffices; it is not necessary to enrich standard modal structures 
by introducing concurrency as a separate, primitive component of the mod- 
els. This type of study of IF modal logic serves to attract interest in the 
larger program of independence-friendliness that investigates the notion of 
informational independence in logic. 

The aims of the present paper are twofold. (1) First, we wish to give 
a recap of the various logics introduced under the heading ‘IF modal logic’ 
whose semantics rely simply on the game-theoretical notion of informational 
independence, as just explained. (Accordingly, we do not discuss Bradfield’s 
independence friendly modal logics.) The pre-theoretical motivation for all 
these logics was, when they were introduced, that they would be ‘modal 
analogues’ of IF first-order logic—in syntax as well as in semantics. 

The logics termed ‘independence friendly modal logic’ in the relevant re- 
search publications [Hy;Tu,05, Tu; 03, Tu104, Tu1Se206] differ among them- 
selves both in syntax and in semantics. (The sense of diversity is of course 
only increased when the logics of [Bro00, BroFr402a] are considered as well.) 
Depending on which syntactic restrictions one imposes on the formation of 
the independence indications, logics with different metalogical properties 
result. As will turn out, the appropriate properties may diverge strikingly 
from case to case (cf. Table 2 in Section 6). The present authors conclude 
that a framework is desirable in which the various systems can be systemat- 
ically studied and compared. In this vein, our second aim (2) is to introduce 
a framework that sheds a unifying light on the IF modal logics introduced 
so far, and can be used to develop new logics that are both modal and in- 
dependence friendly. The framework we put forward is determined by three 
parameters. These parameters are inspired by the standard translation of 
basic modal logic into first-order logic, and Hintikka’s IF procedure that 
brings us from first-order logic to IF first-order logic. 

Although we find our framework a natural environment for studying 
independence friendliness and modal logic, by no means do we claim that the 
framework covers all conceivable IF modal logics. Neither do we claim that 
all logics to be found within this framework are equally interesting. In fact, 
we regard it as one of the virtues of the framework that within its confines, 
one can isolate logics some of which enjoy ‘nicer’ properties than others. 
From this very perspective, we define the so-called ‘structurally determined 
IF modal logic’. In [TuySe206] this logic is shown to combine a number 
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of nice properties: strong expressive power, decidability, and allowing for a 
compositional semantics. 


Let us now introduce some basic notions, and fix the plan of the paper. 


IF first-order logic. It has been observed by Hintikka, on various oc- 
casions, that as a matter of fact, the syntactic scope and (logical) priority 
scope of quantifiers coincide in first-order logic. Hintikka [Hi 96] points out 
that there is no general pre-theoretical backing for this assumption, and 
provocatively refers to it as Frege’s fallacy. The formulas of IF first-order 
logic, denoted IF, carry the slash ‘/’ as a new item of notation. The slash, 
as in Vy(da/y)y, is to be interpreted in such a way that the occurrence of 
daz is outside the logical priority scope of Vy, although it falls within the 
syntactic scope of Vy. The formulas of IF are generated from the fragment 
of first-order logic in which every variable is quantified at most once and in 
which every formula is in negation normal form, to be denoted FO. For- 
mally, we let IF be the smallest superset of FO closed under the following 
condition: 


e If y € IF and Jz occurs in ¢ in the syntactic scope of quantifiers 
among which Q1y1,.--,QnYn, then the formula resulting from replac- 
ing Ja by (Ar/y1,..-,Yn) is also in IF, 


where Q;y; stands for Vy; or dy; The notion of ‘binding a variable’ is 
extended from the usual first-order case by saying that the quantifier Qiyi 
binds the occurrence of the variable y; in (Av/y1,...,Yn), with 1 <i<n. 
We write Jx rather than (3x/Ø), if the tuple yi,..., Yn is empty. One may 
consider the above rule as specifying an IF procedure, producing IF from 
FO. In the literature various other IF procedures are put forward, that 
allow for marking propositional connectives as independent of quantifiers, 
marking quantifiers as independent of (suitably construed) propositional 
connectives, and/or marking universal quantifiers as independent of other 
logical operators. In the current paper, we refrain from considering these 
options. 


Basic modal logic. Formulas of basic modal logic (ML) are generated 
from a fixed class prop of propositional atoms by the following grammar: 


y :=p | =p | (YV p) | (Ag) | oe | Oy, 


where p € prop. Its semantics is defined relative to modal structures and 
their states, that is, tuples M = (M, R, V) and elements w € M, where 
M is a non-empty domain, R is a binary relation on M termed accessibil- 
ity relation, and V : prop —> Pow(M) is a valuation function. It will 
be assumed that the clauses recursively associating a truth condition with 
all ML-formulas are familiar. (The reader may consult, e.g., [BldRVe101, 
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Section 1.3].) Polymodal basic modal logic ML, is like ML, but involves k 
modality types, each with its own box L; and diamond ©;. Its semantics 
is in terms of k-ary modal structures (M, Rı,..., Rg, V), having for every 
modality type i an accessibility relation R; C M? of its own. 


Expressive power. If L and L’ are two modal logics whose semantics are 
defined relative to a class K of modal structures, we say that Lis translatable 
into L’ over K (in symbols L <x L’), if for every y € L, there is Yy € L’ such 
that for all modal structures Mt € K and all w € M, we have: M, w = yp 
if, and only if, M,w = wy. L’ is more expressive than L over K, or has 
greater expressive power than L over K (symbolically L <x L’), if L <k L’ 
but L’ << L. The logics L and L’ have the same expressive power over K, 
or coincide over K (denoted L =x L’), if L <k L’ and L’ <x L. When 
speaking of the class of all modal structures, we suppress the subscript 
indicating the class altogether, and write simply L < L’ and so on. 

These notions are naturally extended to a comparison between a modal 
logic and (IF) first-order logic. To every modal structure M = (M, R, V) 
there corresponds, in a canonical way, a first-order structure INFO = 
(M, R, (V(p))peprop), interpreting a binary relation symbol R as the bi- 
nary relation R, and, for each p € prop, a unary relation symbol P as the 
set V(p). Saying, for instance, that L is translatable into FO, means that 
for every y € L there is a first-order formula w(x) of one free variable, x, 
written in the vocabulary {R, (P)peprop}, such that for all modal structures 
M and all w € M, we have: M, w H ọ iff MFO, y H wy, where q(x) = w. 


Plan of the paper. In Sections 2 and 3 we survey two IF modal logics in- 
terpreting the slash device in terms of informational independence, referred 
to as IFML and EIFML,. As an original result we prove Theorem 2.6, 
stating that IFML cannot be translated into first-order logic. The logics 
IFML and EIFML, show that allowing independence friendliness serves 
to increase the expressive power of a modal logic. However, the definitions 
of these logics also suggest that many more IF modal logics can be obtained 
by varying the syntax and the IF procedure applied. 

In Section 4 we propose a new framework for studying IF modal logics 
from the IF first-order viewpoint. Essentially, the framework allows for sys- 
tematically varying the syntax and the IF procedure used in defining an IF 
modal logic. We discuss at some length a particular logic obtained in this 
framework, termed ‘structurally determined IF modal logic’, or IFMLsp. 
(This logic is extensively studied by the authors in [Tu;Se206].) To give a 
fuller picture of the expressivity of the various IF modal logics discussed in 
the paper, in Section 5 we provide an original negative expressivity result 
concerning IFML, EIFML, and IFMLsp, proving that relative to a cer- 
tain class of trees, the expressive power of all these logics collapses to that 
of basic modal logic. Section 6 serves as a conclusion in which we comment 
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the issue of informational independence in logics, putting forward our con- 
viction that the notion of informational independence not only makes sense 
with respect to logics other than first-order logic (since it can, for instance, 
be systematically studied in connection with modal logic) but also enjoys 
general theoretical interest. In this concluding section also a summary of 
known results concerning different IF modal logics can be found, as well as 
a table where some conjectures about them are listed. 


Note on notation. If L is a logic for which syntax and semantics is 
defined, and y is a formula of L, we write y € L to say that y is among the 
formulas of L. That is, when no confusion may arise, we do not notationally 
distinguish a logic from its set of formulas. By “Z-formula” we mean formula 
of L. 


2 IF modal logic via independence indications 


We wish to introduce a modification of basic modal logic where diamonds 
may be ‘indicated as independent’ from any syntactically superordinate 
modal operators (boxes or diamonds). Such indicating is accomplished by 
using a notation (O/%1,...,7%), where 71,...,7% are positive integers which 
in a specified, systematic way identify superordinate modal operators. Such 
syntactic independence indications are semantically interpreted in terms of 
‘logical dependence’: the choice of a state as a semantic value of a diamond 
(©/t1,...,%%) must not depend on the states interpreting the modal oper- 
ators identified by the integers 71,...,7,. Supposing that (a1,...,@,) and 
(ai,,...,a/,) are two sequences of choices for modal operators superordinate 
to (O/i1,...,%%), then if these sequences agree on all choices save for those 
corresponding to the operators identified by the integers 71,..., 7%, the state 
chosen for (©/i1,...,%%) must be the same in both cases. 

The logic we now proceed to define is dubbed independence friendly 
modal logic. We stress that it carries this name for ‘historical reasons’ — 
by no means do we wish to suggest that this logic is the IF modal logic. 
Semantically, IF modal logic will emerge as a proper extension of basic 
modal logic. This observation increases interest in the study of IF modal 
logics, for it gives rise to the hope that independence friendliness is a di- 
mension of modal logics that may yield more expressive, yet decidable sys- 
tems. (That entertaining such a hope is not entirely unrealistic can be seen 
from the decidability results concerning certain specific IF modal logics, cf. 
(Hy, Tu,05, TuiSe206].) We now turn to defining the syntax and semantics 
of this logic in detail. 


2.1 Definition of the logic 


Syntax. The formulas of Independence friendly (IF) modal logic (IFML) 
are obtained from those of ML by the following rewriting rules: 
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1. If% € ML, then the result of replacing all occurrences of © in w by 
the symbol (©/@) is a formula. 


2. If w is a formula, (O/Ø) appears in w, and i1,...,in is a tuple of 
positive integers, then the result of replacing that token of (O/Ø) in 
w by the symbol (©/i1,...,%n) is also a formula. 


Formulas of IFML are precisely the strings generated by the above two 
rules. By stipulation, we write © for (0/2). Thereby any string that is 
a formula of ML, is in fact also a formula of IFML. Note that the input 
and output of the above rule 2 are identical in the special case that n := 0. 
Examples of IF ML-formulas are: 


Op, (O/1)p, O(O/1)p, 
(O/127)0(0/1,2)p, (A(O/1)pA OO(O/1,2)¢), Olp v (©/1)q), 
(pA (O/1)q). 


It was already pointed out that the role of the integers 71,...,% follow- 
ing a diamond sign, as in (©/%1,...,%n), is to identify certain syntactically 
superordinate modal operators. Which ones? The principle of identification 
we make use of, is based on the left-linear relation of syntactic subordination 
among tokens of operators (V,A,©,Q) appearing in formulas y € IFML. 
Relative to a formula y, this relation induces a tree structure, with the 
unique outmost operator of y at its root, and operators with no subordinate 
operators at leaves. Hence for any operator-token, the set of its predecessors 
in this tree structure determines a linear order. If O € {V,A, ©, 0O} appears 
in y, it is either itself the unique outmost operator of y, or else there is a 
unique immediate predecessor O’ of O among the operator-tokens to which 
O is subordinate, and so on. So we may speak of ‘the n-th predecessor’ of O. 
We can also restrict attention to modal operators preceding O, and enumer- 
ate them beginning from the one that is furthest and ending up with the one 
that is closest. In this way we may speak of ‘the n-th modal operator in y 
among those modal operators that precede O’—hence counting only modal 
operators and ignoring conjunctions and disjunctions. It is to the numbers 
identifying the locations of modal operators syntactically superordinate to 
(O/t1,...,¢%n) in this latter type of numbering, that the integers i1,...,%n 
refer. 

In O(0/1)0(0/1,2)p, the numeral 1 in (©/1) refers to the immedi- 
ately preceding box, and the numerals 1 and 2 in (©/1,2) to the first 
occurrence of 0 resp. to the first (and only) occurrence of (/1). In 
(O(/1)p A OO(/1,2)¢), the numeral 1 in (/1) identifies the box in 
the left conjunct, whereas the same numeral identifies the outmost dia- 
mond of the right conjunct in (©/1,2). We allow for vacuous identifiers: in 
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(©/127)p the numeral 127 refers to nothing at all, since there are no 126 
or more nested modal operators syntactically preceding O in that formula. 

In earlier publications on IF modal logic [Bro00, BroFr402a, Hyı Tu105, 
Tu103, Tu104], various different identification methods are used for singling 
out the desired superordinate modal operators. Typically this has been 
accomplished by introducing an explicit indexing or labelling of tokens of 
modal operators as a part of the syntax. The possibility of defining the 
syntax as above shows that such an indexing is not a conceptually necessary 
ingredient of IF modal logics.! 

The set Sub[y] of subformulas of a formula y € IFML is defined in a 
straightforward way: Sub[p] = {p} and Sub[—=p] = {~p}; for o € {V,A}: 
Sub[(~ o @)] = {( o @)} U Sub[y] U Sub/[@]; Sub[Oy] = {Oy} U Subfy]; and 
Sub|(O/i1,... iny] = {(O/t1,...,%n)w} U Subfy]. A formula y € IFML 
is closed, if it contains no vacuous identifiers, i.e., if every (C/t1,...,%n) 
appearing in ọ is subordinate to at least max{i1,...,%,} nested modal op- 
erators in y. Otherwise ọ is open. 


Semantics. There may appear in a given formula many tokens of the same 
subformula. (E.g., in (p V p) there appear two tokens of the subformula p.) 
When defining the semantics of an IF logic, one must pay specific attention 
to this fact, to be able to formulate clauses defining the semantic role of 
operators with independencies, such as (/%1,..., ik). 

We follow [Va07] in understanding formulas explicitly as finite strings 
of symbols. Each numeral standing for a positive integer in a formula of 
IFML is counted as a separate symbol (no matter how many digits it has 
in the chosen presentation), other symbols being propositional atoms, ), 
(, 7, V, A, ©, O, Ø, the comma and the slash-sign /. The length of a 
string S, in symbols |S], is the number of symbols in S when each symbol 
is counted as many times as it occurs. The symbols appearing in a formula 
are enumerated with positive integers starting from left to right. 


For illustration, consider the formula y := O(©/1, 27)(p V q). 


FOC ot / {if r T iC i ep [via |) | 


p21} 2] 3 14]5]6] 7 [8] 9] io] 1] 12] 13 | 


In the special case that the nth symbol of a string w starts itself a string 
which is a subformula of w, we write A(w,n) for that subformula. In the 
above example, A(y,9) = (p V q) and A(y,10) = p. Every subformula of 
a formula 4 is of the form A(w,n) for some n, and some subformulas may 
appear in w corresponding to several numbers n. It may further be noted 
that if w is closed and the operator (©/%1,...,%n) appears in w, the above 


1 Essentially this definition of the syntax suggested to one of the authors (TT) by Balder 
ten Cate in December 2002. 
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enumeration of the symbols in Y% could be used as an alternative way of 
identifying those modal operators, superordinate to (©/%1,...,%n), that by 
syntax are identified by the integers 71,...,%n. 

In defining game-theoretical semantics for IFML, we adapt the defini- 
tion that is given in [Va07] for IF first-order logic. For every formula y, 
modal structure Mt and state wo E€ M, a semantic game G(y, M, wo) be- 
tween two players (3 and V) is associated by defining the set of its positions. 
We refer to J as ‘she’ and to V as ‘he’. If ¢ = (ao,..., an) is a finite sequence, 
we write max(c) for its last member, max(¢) := an. If an4i is any further 
object, we write ¢~an+1 for the extended sequence (a1,...,@n,@n+41)- 


Definition 2.1 (Positions). Positions are triples (w,n,<), where y = 
A(y,n) and ¢ is a finite sequence of elements of M. In the beginning of 
the game the position is (p, 1, (wo)). The following conditions serve to gen- 
erate the set of all positions of G(y, Mt, wo), with M = (M,R,V). They 
also specify which player makes which type of choice (if any) at a given 
position. 


1. (a) If (p,n,¢) is a position, then: if max(¢) € V(p), 3 wins, otherwise 
V wins. (b) If (>p,n,¢) is a position, then: if max(s) ¢ V (p), 3 wins, 
else V wins. 


2. If ((W V ),n,¢) is a position, also (W,n+1,¢) and (p,n + 2+ lẹ], s) 
are positions. Player 3 chooses one of these positions at ((w Vy), n, s). 


3. If ((W A wy), n,¢) is a position, also (W,n+1,¢) and (p,n + 2 + lẹ], s) 
are positions. Player V chooses one of these positions at ((a A), n, s). 


4. If ((O/t1,...,%%)~,7,6) is a position and (max(c), v} € R, then 
(y,n+2k+3+4(k),o~v) 


is a position, where (k) = 0, if k > 1 and (k) = 2, if k = 0. If 
there is at least one such position, player 3 chooses one among them 
at ((O/t1,...,¢%)y, 7,6). If there is none, player V wins. 


5. If (Gy,n,¢) is a position and (max(c¢),v) € R, then (y,n+1,¢~v) is 
a position. If there is at least one such position, player V chooses one 
among them at (Oy,n,¢). If there is none, player 4 wins. 


2 Ifk > 1, the number n+ 2k +3 + f(k) = n+ 2k + 3 is obtained by counting two 
parentheses, the diamond, the slash, and k numerals together with k — 1 commas in 
the independence indication. However, if k = 0, then (©/i1,...,i,) = (O/Ø), and the 
correct identifier is n + 2k+34+2=n+5. 
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Note that the subformula component ~ in a position (wW,n,¢) is strictly 
speaking superfluous, because this subformula is fully determined by the 
number n: Y = A(y,n). It is written down here for clarity of exposition. 

The above definition of the set of positions in fact serves to define the 
game G(y, M, wo). This game is a determined zero-sum game of perfect 
information. We are not, however, interested in who has a winning strategy 
in this game. What interests us, instead, is who has a strategy that leads to 
a win against any sequence of moves by the opponent, and satisfies the extra 
condition of uniformity, to be defined shortly. The uniformity requirement 
will have the consequence that to force the desired outcome, player 3, in 
particular, must make her choices in a ‘universalizable’ manner: make the 
same choice in several ‘equivalent’ circumstances.’ 

Before we can define the uniformity requirement, let us define the notion 
of game tree; tell what the strategies of the players are; and specify what it 
means for a player to use a strategy. 


Definition 2.2 (Game tree, play, partial play). The set of positions of a 
semantic game G(y, M, wo) determines, in a canonical way, a tree—to be 
called the game tree. The nodes of the tree are the positions, and its ordering 
relation is the transitive closure of the relation ‘is a successor position of’, 
itself in effect given by the definition of position when telling which are the 
positions to which a given position gives rise. Any (maximal) branch of the 
tree represents a possible play of the game. Initial segments of plays are 
called partial plays. Sometimes partial plays will be termed histories of the 
game. 


Definition 2.3 (Strategy, using a strategy). A strategy of player J in se- 
mantic game G(y, Wt, wo) is any finite sequence o of functions g; (called 
strategy functions), defined on the set of all partial plays (po,...,pi—1) sat- 
isfying: 


e If p;-1 = ((Y V p); n,s), then o tells 3 which formula to pick, that is, 
oi(po,---,Pi-1) E {n+ 1,n+2+ ||}. If the strategy gives the lower 
value, player J picks the left-hand formula w, otherwise the right-hand 
formula y. 


e If pi-1 = ((O/i1,... ik); n, S), then o tells 3, if possible, which ele- 
ment v € M with ee ),v) € R to pick. Hence o;(po,...,pi-1) € M 
and is accessible from max(c¢). If no suitable element exists, the 
play has come to an end, with V winning the play. So in that case 
(po,---,Pi-1) is a play, and øg; is not defined on it. 


3 The resulting game resembles in many respects games of imperfect information, but 
strictly speaking is not one. This feature of the semantic games for IF modal logic is 
discussed in [Tu;04, Section 2.3.1]. 


256 T. Tulenheimo, M. Sevenster 


It is said that 4 has used strategy o in a play of G(y, Mt, wo), if in each 
relevant case 4 has made her choice using ø. More exactly, player 3 has 
used ø in a play (po,..., pn), if the following two conditions hold for all 
i< n: 


1. If pi-1 = ((W V p), m,s) and oj(po,...,pi-1) = M + 1, then pi = 
(w,m + 1,s), whereas if o;(po,...,pi-1) = m + 2 + |y], then pi = 
(p,m +2 + |4], s). 


2. If pi-1 = ((O/i1,...,ik)p,Mm,s) and o;(po,...,pi-1) = v, then pi = 
(p,m + 2k +3 + i(k), sov). 


The notions of strategy and using a strategy can be analogously defined for 
player V. 


Definition 2.4 (Uniform strategy, winning strategy). A strategy o of player 
J in semantic game G(y, M, wo) is uniform, if the following condition holds. 
Suppose p;-1 = (A(w,m),m,¢) and pi_, = (A(w,m),m,<’) are two posi- 


tions arising in the game, when 3 has played according to ø. Further, 
assume that 


A(w,m) = (O/t1,...,%K)y. 


Then if the sequences ¢ and ¢’ agree on their values for all arguments except 
possibly on i1,...,%%, the strategy o agrees on the positions (A (Y, m), m, ¢) 
and (A(%,m),m,<’), that is to say, o;(po,---, Pi-1) = Oj (Po, <- -, Di1). 

A strategy o of player J in game G(y, M, wo) is a winning strategy, if o 
is uniform, and player J wins every play in which she has used the strategy. 

The analogous uniformity condition for strategies of V is vacuous, since 
by the syntax, there are no operators of the form (O/i1,...,in). A strategy 
o of player V is winning simply if it leads to a win by V against every 
sequence of moves by J. 


On the basis of the definition of position, the sequences ç and ç’ men- 
tioned in the definition of uniformity indeed necessarily have the same 
length. That is, there is an initial segment © of w such that ç and ç’ 
both are functions of type & —>» M. If some or all of the numbers 21,..., ix 
happen to be outside of the domain 5, the sequences ç and ç’ are vacuously 
uniform in the corresponding arguments. 


Truth and falsity of IFML-formulas are defined as follows: 


e ¢ is true in M at w (denoted M,w Et vy), if there is a winning 
strategy for J in G(y, M, w). 


e ọ is false in M at w (denoted M, w 7 yw), if there is a winning 
strategy for V in G(y, M, w). 


Approaches to Independence Friendly Modal Logic 257 


C1 C2 C3 ch c) ch 
N ZN fp b LDN A 
by by bi bb 
NS Ra 
a a’ N 
FIGURE 1. 
y is non-determined in IN at w (denoted M,w -° vy), if game 


G(y, M,w) is not determined, i.e., if neither M,w H wy nor 
M, w = y. 


In what follows we will almost exclusively be interested in truth of modal 
formulas, and we will simply write } for the relation ET. 


2.2 


Expressive power 


For an example of evaluating an IFML-formula, consider the modal struc- 
tures Mt and N depicted in Figure 1. The atom p is true in I precisely at cı 
and c3, and in N exactly at ch. Consider, then, the formula y := O(/1)p. 
We observe three things: 


(1) 


(2) 


(3) 


y is not true in Wt at a: There is no winning strategy for J in game 
G(y, Mt, a), since a function g inducing a winning strategy would have 
to satisfy g(b1) = g(b2), and if this value was cı or c3, the move would 
not be in accordance with the game rules if V’s choice was bz resp. bı. 
On the other hand, if the value was c2, the resulting plays would be 
wins for V, since p is not true at c2. (As a matter of fact, y is not false 
in M at a either: also for V there is no winning strategy in G(y, M, a). 
If V chooses bı (b2), then by choosing cı (resp. c3) 3 generates a play 
that she wins.) 


y is true in N at a’: The function f defined by the condition f(b}) = 
f(b5) = ch induces a winning strategy for 3 in G(y, N, a’). 


The structures (M,a) and (N, a’) are bisimilar.* Hence they are not 
distinguished by any formula of basic modal logic. 


In view of (1), (2) and (3), it follows that IFML is not translatable into 


ML. 


Since ML is trivially translatable into IFML, we have just established 


that IFML has greater expressive power than basic modal logic:° 


4 For bisimilarity, see, e.g., [BldRVe101, Section 2.2]. 
5 This expressivity result was originally proven in [Tu ,03, Lemma 4]. 
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Theorem 2.5. ML < IFML. 


Our main result concerning the expressive power of IFML in this pa- 
per, Theorem 2.6, says that this logic is strong enough not to admit of a 
translation into first-order logic. This is in contradistinction to the case of 
basic modal logic, translatable via the well-known standard translation into 
FO, in fact into the 2-variable fragment of FO. (For standard translation, 
see, e.g., [BldRVe,01, Section 2.4].) 


Theorem 2.6. IFML is not translatable into FO. 


Proof. Let n > 2 be arbitrary. In what follows, by stipulation 7@ 1 :=7+1, 
ifi<n,andn@1:=1. (Inversely, i © 1 = j means j ® 1 = i.) Define a 
modal structure M, = (Mn, Rn, Vn) as follows. The domain Mp consists 
of five disjoint layers, Lo := {a1}, Li := {b1,..., bn}, Lo := {61,..., Cn}, 
Ls := {d1,..., dn}, and Ly := {e1,...,en}, related by the accessibility 
relation Rn := 


{(a1, bi): 1 <i <n} U{(b:, c): 1<j Snandj<i<jSl} U 
{(cj,dk):1<k<nandk<j<k®1i}; U {(dk, engi): 1< k< n}. 


The valuation V,, is empty. In Figure 2, the modal structure Ms is depicted. 
Let, then, y := O(O(0/2)(O/1,3)T v O(e/2)(0/1,3)T). 


Claim 2.7. For all n > 2, Mn, aı H= wv if, and only if, n is even. 


Proof. “From right to left”: Suppose n is even. We define three func- 
tions, f : Lı —> {left,right}, g : {left,right} x Lı — > Lz and 
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h : {left,right} x Lz — L4. If V’s first move is b;, define f(b;) = left, 
if i is odd, and f(b;) = right, otherwise. If V continues by picking out 
cj, put g(right,b;) = g(left,b;) = dio1, hence ignoring the information 
about cj. Further, if j is odd and f(b;) = left (and so also 7 is odd), let 
h(f(b:),¢;) = ej, and similarly, if j is even and f(b;) = right (and so also 
i is even), let h(f(b;),c;) = ej. Otherwise, let h(f(b;), cj) = eje1- 

It is immediate that the functions f, g,h serve to define a winning strat- 
egy for J in G(w,9t,, a1). In particular, when J is supposed to make a 
choice corresponding to one of the occurrences of (©/1,3), she knows by f 
whether it is the right or the left disjunct that is at stake, and she sees V’s 
move cj for the second occurrence of L in that disjunction. She can infer 
whether V’s first choice was bj or bjg1, because by the evenness of n, the 
numbers j and j 61 cannot have the same parity, and having used f, 3 has 
chosen the left disjunction if, and only if, 7 is odd. Knowing, then, which of 
the points bj or bj@1 V had chosen, 3 can further infer, by using g, at which 
point she currently is. But then there is only one point she can choose at 
all for (/1,3), and this point is as a matter of fact given by h. 


“From left to right”: Assume n is odd, and suppose for contradiction that 
there is a winning strategy for 3 in G(w, M,,a1). Let f,g,h be functions as 
above induced by that winning strategy. Because n is odd, there necessarily 
are points b;,bigi such that f(b;) = f(bie1). Let us w-l.o.g. assume that 
these points are b, and by, and that f(b,) = f(b1) = left. Consider, then, 
the two partial plays where V’s pairs of choices are (bn,cn) and (bj, cn). 
The function g must yield for (©/2) the choice d,_1 in the former case, and 
in the latter case the choice dn. (Because of the uniformity condition, the 
choice must be the same no matter which successor of b, resp. bı player V 
chooses. In the former case, the options for V are cy, and cy_1, and their 
only common successor is dn—1. And in the latter case V’s options are Cp 
and cı, whose only common successor is dn.) 

The function h may only use as its arguments the disjunctive choice 
(which here is left in both cases) and V’s choice c,—which likewise is the 
same for both partial plays, having (bn, Cn, dn—1) and (b1, Cn, dn) as their 
corresponding respective choices from the model. This means that h will 
choose the same point ex in both cases. But whichever point ex, is, the 
move is possible along the accessibility relation Rn in at most one of the 
two cases. Hence f,g,h do not induce a winning strategy, contrary to the 
assumption. Q.E.D. (Claim 2.7) 


Claim 2.8. For all n > 1, the first-order structures (MEO, a) and 
(MEO, a1) satisfy exactly the same first-order formulas of one free variable 
and quantifier rank at most n+ 1. 


Proof. There is a winning strategy for Duplicator in the Ehrenfeucht-Fraissé 
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game EF n41 (MFS, a1; MEP, |, a1): an optimal strategy for Spoiler is to 
choose successively the elements b20, bo1,..., ban from the domain of MEO; 
let Duplicator respond to these choices by the elements bg0, bo1,..., ban, 
respectively, from the domain of MEO. (Should Spoiler be allowed an 
(n + 2)nd move, he could choose the element bn, from the domain of 
MEO, and to this Duplicator would have no response.) Q.E.D. (Claim 2.8) 


In view of the Claims 2.7 and 2.8, w does not admit of translation into 
FO, and so IFML is not translatable into first-order logic. 
Q.E.D. (Theorem 2.6) 


Thus IFML is semantically a much stronger logic than ML, in fact, 
it cannot be translated into FO. It is an open question whether the sat- 
isfiability and validity problems of IFML are decidable. In [Hy:Tu105] 
the decidability of both of these problems was established for the so-called 
‘IF modal logic of perfect recall’ (IFMLpr). This logic is a fragment of 
IFML, syntactically restricted in such a way that the semantic games cor- 
responding to its formulas are games of perfect recall. The structurally 
determined IF modal logic from Section 4 is likewise a fragment of IFML; 
like IFMLpr, it is more expressive than ML; and its satisfiability and 
validity problems are decidable. The complexity of IFMLsp-satisfiability 
is known to be in PSPACE [TuiSe206]; by contrast, the exact complexity 
of IFMLpr-satisfiability is an open question (the recursive bound on the 
size of a finite model of an IFMLppr-formula obtained in [Hy;Tu;05] has 
the form of tower function w.r.t. the length of the formula, and is hence far 
from feasible). The validity problems of the logics IFMLpr and IFMLsp 
are, on the other hand, both known to be decidable in PSPACE. 


3 Extended IF modal logic 


For one thing, the enterprise of IF logic teaches us that things that are 
uncontroversial and unproblematic in first-order logic turn out to have in- 
triguing properties when we dare to introduce the slash device. A case in 
point is the behavior of propositional connectives, as observed by Hodges 
in [Ho 97al. 

Semantically, the evaluation of conjunction (disjunction) is a choice be- 
tween two things: the left and the right conjunct (disjunct). Hence these 
connectives can be construed as restricted quantifiers. Instead of (Y A xX), 


6 Note that for IF modal logics, the satisfiability and validity problems are not each 
other’s duals. Let ‘~y’ be a shorthand notation for a formula in negation normal 
form such that: 3 has a winning strategy in G(-7, M, w) iff V has a winning strategy 
in G(~, M, w). Choose vy, Mt and w so that y is non-determined in M at w. Then 
(p V ~g) also is non-determined in M at w, and thus not valid. Yet a(y V ~g) is not 
satisfiable. 
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we may, equivalently, write Nier Pi, given that yı := w and YR := x. 
Similar observations can be made about the restricted quantifier V;¢ {LR} 
It is straightforward to see that in first-order logic, introducing these re- 
stricted quantifiers does not yield greater expressive power. E.g., the sen- 
tence Aje{L,R} Jx Pix is simply equivalent to (Az PLs \ da Prax). The same 
holds for the result of replacing the usual conjunction and disjunction by 
the corresponding restricted quantifiers in basic modal logic: what results 
is just a notational variant of ML. For instance, Aje{L,R} Cup is equivalent 
to (OLpA Orp), where ©; is the diamond over the accessibility relation R;. 

Hodges studied the restricted quantifiers A j<,,,g; and Vietu ry} in the 
context of IF logic in [Ho197a]. A similar move was made by Tulenheimo 
with respect to IF modal logic. The resulting logic, called Extended IF 
modal logic, was first introduced in [Tu,04], having been originally sug- 
gested by Hyttinen (personal communication). This logic allows marking 
modal operators as independent even from superordinate conjunctions and 
disjunctions, when the latter are construed precisely as restricted quanti- 
fiers. 

To make the Eigenart of Extended IF modal logic visible, we assume 
a polymodal framework. The modal structures considered will have k ac- 
cessibility relations R,,..., Rx, each corresponding to a modality type of 
its own. In syntax, the diamonds and boxes carry an index, indicating 
which accessibility relation is responsible for the semantics of the operator 
in question. E.g., the formula D207p of a polymodal basic modal logic says 
that any Re-successor of the current state has an R7-successor satisfying 
the atom p. 

Conjunctions and disjunctions are construed as restricted quantifiers 
ranging over the set {L,R}. Accordingly, a string i,...7, € {L,R}* may 
appear as a subscript of a modal operator syntactically subordinate to n 
conjunction or disjunction signs, and it is a part of the specification of the 
syntax to associate the appropriate strings with modality types 1,...,k. 
For instance, if Aie{L,R} Vje{L,R} (Oiz/1)T is a formula, the syntax must 
provide a mapping from the set {LL, LR, RL, RR} to the set {1,...,k}. If the 
evaluation has proceeded to the subformula (©,;/1)T, the mapping yields 
a modality type corresponding to the diamond, depending on which choices 
among L,R were made earlier, first for Aje{_,R} and then for Vje{L,R} 

Before we get to the formal underpinnings of this logic, let us consider 
a nice illustration of its capabilities. Think of Extended IF modal logic 
with two modality types, one of which is interpreted by means of the iden- 
tity relation =. Slightly abusing the syntax to make stating the example 
smoother, consider the formula A\je,=,r}(©i/1)T, indicating that there is a 
state to which J can move from the current state w, without knowing which 
accessibility relation (among R and =) was earlier picked out by V. One of 
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the accessibility relations being =, 4 must choose w. But this means that 
in order for this formula to hold in IN at w, it must also be possible to get 
from w to w via the relation R. In fact, when evaluated at w, the formula 
serves to state that (w,w) € R. 


Syntax. Let L(prop) be the set of literals: formulas of the form p or 
ap with p € prop. Extended IF modal logic, EIFML,;, uses k modality 
types, and its formulas are strings O1 ... OnY(jı - - - jm), where m is the total 
number of conjunction and disjunction symbols in the prefix O1...O,. The 
components of these strings are as follows. First, the strings are associated 
with a distribution of modality types u : Uj;< {LR}! — {1,...,k} and a 
distribution of literals y : {L,R}"” — L(prop). Second, each Oy is one of 
the following: 


(i) NjeettR} 
(ii) Vi e{LRY 


(iit) Oj,...3,, where y is the number of conjunction and disjunction symbols 
preceding O, in the prefix; 


(iv) (Oj,...3,/t15-++5 tz), where y is the number of conjunction and disjunc- 
tion symbols preceding Ox in the prefix, and 1 < 7,...,4, <a—-1. 


Semantics. The semantics will be defined relative to k-ary modal struc- 
tures, mentioned in Section 1. To formulate the truth conditions, a semantic 
game Gy, M, wo) is associated with each formula y, k-ary modal structure 
M and state wo E M. In the interest of clarity, we will define positions in 
the game so that they keep explicitly track not only of the states chosen 
before reaching that position, but also of the conjuncts and disjuncts chosen 
up to then. 


Definition 3.1. Let y := O1...Ony(ji---jm) E EIFML;. Positions of 
game G(y, Mt, wo) are quadruples (w,,¢,¢’), where 1 < L < n+1, Y = 
Og... Ony(ji-.-jm), S: S — M and <’ : S’ —> {L,R}, where S is the 
set of those numbers x in {1,...,n} for which Os is a modal operator, 
and S’ = {1,...,n}\S. (The functions ç, ç’ may simply be thought of 
as sequences of states and sequences of objects L,R, respectively.) In the 
beginning, the position is (y, 1, (wo), Ø). The following conditions generate 
the set of all positions of G(y, M, wo), with M = (M, R1,..., Rk, V). They 
also specify which player makes which type of choice (if any) at a given 
position. 


1. (a) If its ') = p and the position is (p,n + 1,¢,<"), then: if max(¢) € 
V(p), 3 wins, else V wins. (b) If vey = Es and the position is 
(ap,n+1,¢,<’), then: if max(s) € V(p), 3 wins, otherwise V wins. 
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2. If the position is (V j,€fL,R} y,é,¢5,6'), then both (Y, + 1,¢,¢’~L) 
and (y, + 1,s,s'TR) are positions. Player 4 chooses one of these 
positions at (Vj,efL,R} g, 4, s,s"). The case of (Nj c{L,R} p, £s, S") is 
otherwise similar, but it is player Y who chooses one of the positions 
at (A jee fL,R} P, A S, ç’). 


3. If u(c’) = j, and the position is ((O¢/t1,..., 72), €,¢,6¢’), then for 
every v such that (max(s),v) € Rj, we have that (y, + 1,¢~v,<¢’) is 
a position. It is 3 who chooses one of these, or if none exists, there are 
no further positions and V wins. The case of (Hey, £, s,s’) is similar, 
but it is Y who makes the choice, or, if he can make none, there are 
no further positions and J wins. 


The notions of game tree and (partial) play are defined as in the case 
of IFML. A strategy of J is also defined similarly, as a tuple of strategy 
functions o = (01,...,0,), with one strategy function for each expression 
of the form V je €fL,R} or (O4,...,j,/41,-++5%z) in the prefix. If a partial play 


(po,---;Pi—1) is already produced, such a strategy function makes a choice 
between the positions each of which is a combinatorially possible next posi- 
tion. Using a strategy is again defined like in the case of IFML. A strategy 
of J is winning, if it leads to a win against any sequence of moves by V, 
and is, furthermore, uniform in the following sense: if p; = (p, £, s,s”) and 
p; = (p, L, T, T’) are any two positions arising in the game supposing that 3 
has used a, with y = (O,,...,j,/t1,.--, 42), then if the maps ¢U¢’ and TUT’ 
agree on all their values except possibly on 71,...,7,, the strategy o agrees 
on the positions p; and pj, i.e., maps the sequence of positions leading to p; 
to the same element as the sequence of positions leading to p}. The notions 
of strategy, using a strategy and winning strategy are defined analogously 
for player V (keeping in mind that the condition of uniformity is vacuously 
satisfied by V’s strategies). 

Semantics of EIFML, is simply defined by stipulating that vy is true 
(false) in M at wo, if there is a winning strategy for J (resp. V) in game 
G(y, M, wo). 

About the expressiveness of Extended IF modal logic, note first that by 
the proof of Theorem 2.6, EIFML, cannot be translated into FO.’ Hence: 


Theorem 3.2. For all k > 1, ETF ML, is not translatable into FO. 


Second, it is evident that polymodal EIFML, is more expressive than 
the polymodal version of IFML. E.g., consider evaluating the formula 
N\ie{=,r}(Oi/1)T of our earlier example relative to the modal structures 


({a}, {(a, a)}, {(@, a) }, Ø) and ({a, b}, {(a,a)}, {(a, b)}, 2) with a Ab. 


T This considerably improves the result proven in [Tu104, Theorem 3.3.9], according to 
which, whenever k > 3, EIFML, does not have a first-order translation. 
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Among the applauded virtues of modal logic are its nice computational 
properties: for instance, model checking is tractable and satisfiability is 
decidable. Amusingly, it can be shown that the satisfiability problem of 
EIFML, with the identity relation is undecidable, cf. [Se206]. This result 
shows that the power of slashing is considerable even when we import it in 
modal logic. It is interesting to see whether a similar undecidability result 
can be achieved without the identity relation and maybe even for IFML. 
It might well turn out that IF ML proper is decidable, whereas ETFML; 
is undecidable. This would show us—once again—that the particulars of a 
pre-slash, independence-unfriendly language are sleeping beauties. 


4 Structurally determined IF modal logic 


The logics IFML and EIFML, aimed at being modal analogues of IF 
first-order logic: results of importing the slash device into modal logic and 
interpreting it so as to produce a modal logic of informational independence. 
However, as indeed shown by the two languages, the particular independence 
friendly modal logic that we end up considering depends highly on the syn- 
tax used, and on the way independence is introduced. In Section 4.1, we 
introduce a new framework in which IF modal logics can be compared and 
isolated, by tuning three parameters that will be highlighted shortly. Some 
researchers have objected that there is no a priori reason why slashed modal 
operators would formalize a meaningful notion of independence. This criti- 
cism will be revisited in relation to the logics specified within our framework. 
Section 4.2 singles out a specific logic by instantiating the three parameters 
of the framework in a certain way. The logic in question will be a frag- 
ment of IF first-order logic; it is denoted by IF(ST?(ML)). Section 4.3 
introduces a certain modal-like logic—so-called ‘structurally determined IF 
modal logic’—which is subsequently, in Section 4.4, shown to characterize 
IF(ST?(ML)). Interestingly, this modal-like logic will have a compositional, 
‘“Tarskian’ semantics. Finally, Section 4.5 discusses some aspects of the ex- 
pressive power of the structurally determined IF modal logic. 


4.1 The framework 


The framework we propose essentially isolates ‘modal fragments’ of IF first- 
order logic. This approach is partially inspired by current research in modal 
logic. Namely, although basic modal logic is an extension of propositional 
logic, nowadays it is usually conceived of as a fragment of first-order logic. 
Milestone results that brought about this change of perspective include the 
standard translation, and van Benthem’s Theorem [vB76] which character- 
izes modal logic as the ‘bisimulation invariant’ fragment of first-order logic. 

Assuming this perspective, an IF modal logic is obtained by fixing three 
things: first, a set of strings that are considered as modal formulas; second, 
a standard translation that maps the former set to a subset of first-order 
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logic; and third, an IF procedure that maps this subset of first-order logic 
into IF first-order logic. The IF modal logic thus generated is modal in that 
it originates from a modal logic, and independence friendly in that it is a 
fragment of IF first-order logic, through the appropriate IF procedure. 

More precisely, our framework covers all logics that are obtained from 
a modal logic M£ that can be translated into first-order logic, standard 
translation ST and IF procedure IF as follows: 


e Translate every formula from MC into first-order logic using ST, 
and obtain the first-order correspondence language of ML, denoted 
ST(MZL). 


e Apply to every formula from ST(MCZ) the IF procedure IF, and obtain 
the set of IF modal formulas determined by ML, ST, and IF, denoted 
IF(ST(M2)). 


Observe that there are instantiations of the initial modal logic, the standard 
translation, and the IF procedure that give rise to meaningless and unin- 
teresting systems. This will happen if the parameters ML, ST and IF are 
incompatible; for instance, if the range of the operation ST is disjoint from 
the domain of the operation IF. But the framework also contains poten- 
tially interesting systems. For one thing, as we will see, the (IF first-order 
correspondence languages of the) logics that were studied earlier under the 
headings IFML and EIFML, can be generated by tuning the parameters 
of the framework in a specific way (cf. Table 1 in Section 4.2). 

We think this framework facilitates finding logics that have ‘nice’ com- 
binations of properties. It is beyond the scope of the current paper to give a 
specific sense to the phrase ‘nice combination of properties’. But generally 
a high expressive power combined with a low computational complexity is 
considered nice. In the context of IF logic, also allowing for a compositional 
semantics can be appreciated as a desirable property. 

Indeed, Cameron and Hodges showed in [Ca,Ho;01] that no composi- 
tional semantics exists for IF first-order logic in which the ‘interpretation’ 
\y(x)|.4 of a formula with one free variable is a subset of the domain of A; 
what is more, they even proved that in a compositional semantics for IF 
first-order logic, |y(x)|_4 cannot be a subset of dom( A)”, for any n < w. If 
by “Tarskian semantics’ we mean a compositional semantics where the inter- 
pretation of a formula |y(x1,...,@%)|4 will be a subset of dom(A)™ for some 
m > k, it follows that no Tarskian semantics for IF first-order logic is pos- 
sible. (On the other hand, Hodges had already proven in [Ho197a, Ho,97b] 
that IF first-order logic admits of a compositional semantics where the in- 
terpretation |y(x)|_4 of each formula y(x) is a subset of the powerset of the 
domain.) Given this background, being able to show that an IF modal logic 
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can be interpreted in a Tarskian way, signals that the complexity of the full 
IF logic is tamed in this respect. 

As an example of a logic emerging from our framework, we will consider 
the structurally determined IF modal logic introduced in [Tu;Se206]. The 
satisfiability and validity problems of this logic are decidable, and it allows 
for a compositional semantics. 

Some researchers have opposed the very idea of an independence friendly 
modal logic, by insisting that independence is a relation between (syntacti- 
cally manifest) variables, while none are forthcoming in modal logics. Thus, 
they have suggested that a priori modal operators furnished with indepen- 
dence indications are not necessarily meaningful. Staying within our frame- 
work, we need not enter such a discussion. Rather, we can point out that 
logics generated in our framework are immune to any such criticism, since 
they are literally fragments of IF first-order logic. 


4.2 Instantiating the three parameters 


In this subsection, we will fix the values of the parameters in a certain way. 
It turns out that the resulting fragment of IF first-order logic admits of 
a particularly smooth characterization in modal logical terms (see Section 
4.3). Actually, it is captured by a compositional modal-like language, to be 
referred to as IFMLsp. The concrete cases we wish to consider are these: 


e Basic modal logic, ML, in negation normal form. (It is well known 
that each basic modal formula has an equivalent form in which the 
negation-sign appears only as prefixed to a propositional atom.) 


e The standard translation ST? : ML —> FO? of basic modal logic 
into the 2-variable fragment of first-order logic. 


e The IF procedure associating with every first-order formula y the 
set IF(y) of those IF first-order formulas that are obtained by re- 
placing any number of existential quantifiers dr, appearing in y by 
the corresponding symbol (Arx/2;,,...,2i,,), provided that: (a) in 
y there appear the universal quantifiers Vx;,,...,Va;,, superordinate 
to Jrg; (b) in the formula resulting from the replacement, the vari- 
ables 2;,,...,%;,, in (Srz/2j,,...,2;,,) become thereby bound by the 
universal quantifiers Va;,,...,Vxi,,; and (c) £k É {ai,,..., Zin} 


Note that clause (b) precludes cases like the string Vada(dy/x)y, resulting 
from applying the IF procedure to Vadadyy. 

Basic modal logic is assumed to be in negation normal form (NNF), to 
ensure that its first-order correspondence language is in negation normal 
form as well. This is useful in the present context, since one may safely 
apply a Hintikka-style IF procedure to extend any fragment of FO that is 
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in NNF. Another way in which a basic modal language interesting for the 
purposes of IF modal logic can be introduced is using the strong prenex 
normal form (SPNF), by now familiar from EIFML;,: considering formulas 
O1...Ony(j1---Jjm), where each O, in the prefix is Ninety Vieef{LR} 
jiju OF Oja.jy (y being the number of conjunction and disjunction sym- 
bols preceding O, in the prefix), and for all strings jı... jm E {L,R}”, 
we have that y(jı ... jm) is a literal. As was already noted in Section 2.2, 
the standard translation of ML into FO can be performed using only two 
variables. Of course, other standard translations mapping ML into FO 
are readily available, say one that introduces pairwise distinct variables for 
any quantifiers translating nested modal operators. Finally, as remarked 
earlier, various IF procedures have been proposed. The one put forward by 
us is tailor-made to suit the particulars of the fragment of first-order logic 
obtained by translating ML to FO via ST?. 

By stipulation the two variables of FO? are x,y. Define the 2-variable 
fragment of IF first-order logic, denoted IF”, as follows. Its formulas are 
obtained from those of FO”: Let a, 8 € {x,y} and a Æ £. If y € FO”, the 
result of replacing any number of occurrences of 43 subordinate to Va in y 
by the symbol (43/q) is a formula of IF’, provided that the variable 8 in 
4/a) becomes thereby bound by Va. Thus deVa(Sy/x) Ray is a formula of 
IF’, but Vrda(dy/x) Rey is not. The semantics of IF? is obtained from the 
semantics of IF first-order logic by stipulating that the variable a mentioned 
in (4G/qa) is bound by the closest universal quantifier Va superordinate to 
(33/0). 

Having made the three choices and defined IF”, a fragment of IF first- 
order logic, to be denoted IF(ST?(ML)), has been determined. It consists of 
the results of applying the specified IF procedure to the first-order formulas 
yielded by the standard translation ST? from the formulas of basic modal 
logic in NNF. The framework of structurally determining a logic is well- 
suited also for discussing other IF modal logics. Table 1 lists (the IF first- 
order correspondence languages of) several IF modal logics studied in the 
literature, in terms of different instantiations of the three parameters. 

The logics L1, L2, L3 are the IF first-order correspondence languages of 
IFMLpr, IFML resp. EIFML,, i.e., the canonical translations of these 
IF modal logics into the suitable formulation of IF first-order logic. L4 is 
the logic IF(ST?(ML)). The standard translation needed for the logics L1, 
Lə and Ls introduces distinct quantified variables for any two nested modal 
operators. The standard translation of L3 further construes propositional 
connectives as restricted quantifiers. 


— 
— 


— 


— 


4.3 Structurally determined IF modal logic 


Our framework generates fragments of IF first-order logic. They may be 
hard to parse. Therefore we aim at characterizing the logic IF(ST?(ML)) 
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| || Basic mod log. in | Translation into Jx; can be indep. of 


le FO in NNF Va, if betw. Va; and Jz;, 


no V or enki Appears 


FO in NNF 


Pix SPF rons | Wa, nar 
Di FO* in NNF es if Ti z x; and 
betw. Va; and Jz;, 


TABLE 1. Results of different instantiations of the three parameters. 


in terms of a more transparent, modal machinery. We wish to structurally 
determine a modal logic—IF modal logic’ with a modal syntax—by singling 
it out as the logic X such that its translation ST™ (X) into the 2-variable 
fragment IF? of IF first-order logic coincides with the result of applying the 
IF procedure (/7p) to the FO?-translation of ML: 


ST? 


ML => ST?(ML) c FO? 
JF hor 
N IF(ST?(ML)) c IF? 


1i 
x © STX) 

In want of better terminology, we will refer to the language X as ‘structurally 

determined IF modal logic’ (and will denote it by IFMLsp). 

As will be shown in this subsection, we will be able to find a particularly 
nice modal-like presentation for the IF modal logic X: a presentation as a 
modal-like logic with a compositional semantics. We do not wish to suggest 
that this would be an integral part of our proposed framework of structurally 
determining modal logics. E.g., for IFML and EIFML,, we do not have 
such a Tarskian compositional characterization, and neither are we aware of 
a possibility of obtaining one (except by formulating a non-Tarskian modal 
‘trump semantics’, i.e., by doing to the relevant IF modal logics what Hodges 
did in [Ho197a] to IF first-order logic). 

Let us define the syntax and semantics of a modal-like logic, which turns 
out to be the logic X structurally determined above (see Proposition 4.2). 


Syntax. A class of formulas is generated by the two grammars A and B: 
a p | >p | (a Va) | (a ^a) | Sa | Oa | m6 
B == @a| (aV B) | Va) | (8V8) | (aA) | (BAq) | (8^8), 


where p € prop. The two grammars generate the formulas of a logic we 
refer to as IFMLg,. The formulas a are said to be closed, and the formulas 
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GB open. If p is a formula, all tokens of @ not subordinate to a token of W 
in y are called free. If p is open, all its free tokens of @ become bound by 
the outmost token of W in My. For instance, @p is open; and B(@p V #¢) 
is closed, the two tokens of @ being bound by the unique token of W. We 
stipulate that the formulas of the structurally determined IF modal logic, 
IFMLsp, are the closed formulas of IFML&p (i.e., the formulas generated 
by the grammar A). Note that the reason why the grammar B contains 
both clauses (a o 3) and (30a) with o € {A,V} is simply ‘aesthetic’: we 
wish that the conjunctions and disjunctions of formulas of which one is open 
and the other is closed, can be formed in either order. 

The operators W and @ will be referred to as ‘black box’ and ‘black 
diamond’, and the operators O and © as ‘white box’ and ‘white diamond’. 
Intuitively, @ is the ‘independent diamond’, and it will by definition be 
independent precisely of the token of W that binds it. For its part, this 
logic will hence illustrate that the relations ‘being bound by’ and ‘being 
logically dependent on’ need not coincide; this point is made in a more 
general context by Hintikka [Hi,97]. 


Semantics. For every y € IFMLgp, a satisfaction relation 


DM, I, 2, w FY 


is defined, where M = (M, R, V) is a modal structure and w € M is a state 
as usual, and furthermore, I : {0,1}* — M is a token valuation, and Tis a 
binary string: 7 € {0,1}*. Here, 0 and 1 should be intuitively thought of as 
the choices left and right, respectively, made when interpreting propositional 
connectives (A, V). Observe that given a formula y, a binary string i1... in 
determines a subformula w of y, namely the formula yielded by starting to 
go through, outside-in, the propositional connectives of y and choosing for 
the j-th connective encountered left or right according to whether t; is 0 
or 1. The process stops either because there are no more connectives to go 
or because all the n choices have been made. The determined formula W% is 
the subformula reached by the process. 

In providing the semantics of formulas of the form $y, the token valua- 
tion I will be used. The idea is that J will yield states interpreting particular 
tokens of @, the tokens being identified precisely in terms of binary strings 
t € {0,1}*. Hence, in particular, the state interpreting the token of @ pre- 
fixing @y is determined by J; and in general the valuation J has been chosen 
already earlier in the evaluation (namely, when interpreting the closest su- 
perordinate W), so that the state to interpret the token of @ in question has 
been determined, as it were, in advance. The truth conditions of literals 
and formulas of the forms O and © do not make use of the components I 
and 7 of the models; by contrast, the components J and 7 play a key role in 
the rest of the clauses: 
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MI,7wep if weV(p) 
MIliwe-p if wéV(p) 


MIiwe Oy if for some v with R(w,v): M, I,7,v Ey 

MItwEOy iff for every v with R(w, v): M, I, t, v = yp 
M, I, n, w = (YV p) if M,I,O,wH yp or M, I, l, w| ọ 
M, I, tr, w = (Y^p) if M,I,W,w}H y and M,I, l, w H y 


M, In, w H My iff for some I’: {0,1} — M: M, l'7, w H} Oy 
Ii,wE@yp if R(w,I(@)) and M,I,7, I (1) = ọ. 


It should be observed that for the token valuations in IFMLg,-seman- 
tics, what really matters are the free occurrences of the black diamond in 
a formula. It can easily be checked that if (relative to an initial string 7) 
the free occurrences of @ in y are those identified by the strings in the 
set S C {0,1}* (which is necessarily finite), then if for some I, we have 
M,I,7,w = ọ, actually M, T’,7,w H vy holds for any I’ such that for all 
J€ S, T (7) = I(J). In particular, the satisfaction condition does not require 
that we have I’(z) = I(@), unless 7 € S. It follows that the semantic clause 
for the black diamond need not be phrased in terms of quantification over 
token valuations: to evaluate Wy, it suffices to choose a fixed finite number 
of states: as many states as there are free occurrences of @ in y to be 
interpreted. Let us write WM, w = y to express the following condition: for 
all token valuations I : {0,1}* —> M and all strings 7 € {0,1}*, we have 
M,I,7,w H p. Now note that if the IFML8,-formula y is closed (i.e., if 
p € IFMLsgp) and for some I and 7, we have M, I,7,w = y, then actually 
M, w = y holds. Formulas of IFMUsp are in this respect like sentences 
in first-order logic: if satisfied under one assignment, they are satisfied 
under all assignments. Their being satisfied is entirely independent of the 
assignment. By contrast, for open IFMLgp-formulas the token valuations 
and the binary strings have a crucial relevance. Formally, free tokens of 
@ (as identified by certain strings) bear resemblance to free variables, and 
the valuations to variable assignments; in the presence of free variables the 
satisfaction conditions of first-order logic are of course essentially dependent 
on the assignments. 


4.4 Standard translation 


In this subsection we show that the modal-like logic IFMLsp is equally 
expressive as the logic IF(ST?(ML)) specified in Section 4.2. This result 
is interesting, because it shows that this fragment of IF first-order logic 
indeed can be given a Tarskian semantics, in the sense specified in Section 
4.1, unlike the full IF first-order logic. To be precise, in the compositional 
semantics we designed for IFMLg,p, the interpretation |p| of a formula 
y in a modal structure IN = (M, R, V) is, in effect, a set of (n+ 1)-tuples of 
elements of M, where n is the number of free tokens of the black diamond in 
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p, the remaining member of the tuple simply specifying the state w relative 
to which the formula is evaluated. Hence the analogue of [Ca;Ho,01, Cor. 
6.2] does not hold for the logic IFMLgp: we need not climb to the level 
of the powerset of the domain to obtain a compositional semantics; for any 
formula of IFMLgp, a fixed Cartesian power of the domain suffices. 

Basic modal logic has a translation into the 2-variable fragment of first- 
order logic. The class of closed IFMLgp-formulas, that is, IFMLsp, has 
an analogous property. Concretely, the following map ST a : IFMLsp — 
IF? provides a canonical translation of IFMUsgp into the 2-variable frag- 
ment of IF first-order logic. For all a, 3 € {x,y} with a 4 p, define: 


STIF (p) = Pa, 
STIF (=p = Pa, 
STZ ((po Y)) = (ST (p) o STF (Y)) ifo € {V, A}, 


) 
B(RaB ^ ST (¢)): 
= V6(RaB — STF (y)), 
STF (ey) = (38/a)(Ras A ST B ()), 
STF (gy) = STF (Oy). 


WM 

H 

[a 

"j 
— 

© 
6 
Wwe wa ma wo wa LD 

II 

WwW 


Clearly, if y is a closed IFML2,,-formula, then STF (y) is an IF?-formula 
with exactly one free variable, x. The map STF provides a translation: 


Proposition 4.1. For every formula y € IFMLsp, modal structure M, 
and state w: M,wH gy if MFO, w H STF (%9). 


Proof. The proposition can be proven by induction on the structure of closed 
formulas. Observe that the formulas prefixed with W are of the form Hy, 
where w is obtained by conjunction and disjunction from closed formulas 
and formulas of the form #6, where 0 is closed. Q.E.D. 


Further, the following ‘commutativity’ result holds, establishing that 
IFMLsp actually is the logic X structurally determined above: 


Proposition 4.2. Syntactically, STI’ (IFMLgp) = IF(ST2(ML)). 


Proof. The inclusion from left to right: Let p € IFMLsp be arbitrary, 
and let ~~ be the ML-formula resulting from y by turning all its black 
boxes and black diamonds into their white counterparts. Clearly STF (y) 
is obtained by the IF procedure from ST?(y~). The inclusion from right 
to left: Let y € ML be arbitrary, and let w* be any result of applying the 
IF procedure to ST? (y). Since ST? (7) € FO’, Wt is a formula of IF’. 
Any independence indication appearing in w+ must be in a context of the 
form (3a/ß), where 8 is bound by a universal quantifier VG. Let, then, 
w* be the result of having turned all those white diamonds © in w black, 


— 
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that correspond to an existential quantifier in ST2 (y) which has become 
slashed via the IF procedure leading from % to wt; and having also turned 
all those white boxes O in w black, that correspond to a universal quantifier 
in ST? (y) binding the slashed variable of some existential slashed quantifier 
in y+. It is easy to see that STI¥ (YX) is, by syntactic criteria, identical to 
the formula yt. Q.E.D. 


4.5 Expressive power 


The expressivity and decidability properties of the logic IFM Lsp are ex- 
tensively studied in [Tu1Se206]. Without entering into details concerning 
the expressive power of IFMLsp, let us take an example. 


Example 4.3. Consider evaluating the closed formula y := B(@pV @q) at 
the root w of the modal structure Wt depicted in Figure 3. Let Ig be any 
token valuation and 7 any binary string. We claim that M, Io, t, w = y. To 
see this, choose I so that [(#0) = vı and I(71) = v2. (Choosing a valuation 
I corresponds to picking out, as it were beforehand, states interpreting the 
two black diamonds @ that can come across later in the evaluation.) It 
suffices to check that M, I, t, w = U(@p V 9). 

For this to hold, it must be possible to partition the set {u1,...,us} 
into two cells (corresponding to the choice left or right for the disjunction 
symbol), so that if uj belongs to one of the cells, then M, 1,70, u; =| @p; 
and if uj belongs to the other cell, then IN, J,71,u; = @q. Let the cells be 
{u1, u2} for left, and {u3, u4, us} for right. Then the above conditions hold 
indeed: the former, since I(20) is accessible from all states in the former 
cell, and p is true at (70); and the latter because I(71) is accessible from all 
states in the latter cell, and q is true at I(71). The above reasoning shows, 
then, that M, w H vy. Observe that the formula y can be written in the 
syntax of IFML as O((0/1)p V (©/1)q). 


For a further example of what can be expressed in terms of IFMLgp, 
let n > 2 be arbitrary, and think of the formula Yn := 


M(@TV...V@T). 
ee 


n—1 times 
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Evaluated relative to a modal structure M = (M, R,V) at a state w, the 
formula asserts, in effect, that the set {v : R(w,v)} can be partitioned into 
(at most) n — 1 cells in such a way that the elements in each cell have a 
common successor along the relation R. Actually the truth condition of y 
can be expressed by the first-order formula yi, := 321.. . Izn-ı1Yy(Rzy > 
(Ryzı V...V RyZn—1)). The formula y’, is in the (n + 1)-variable fragment 
of FO. On the other hand, it is not difficult to see (by reference to a pebble 
game argument?) that y’, is not equivalent to any formula in the n-variable 
fragment of FO. Hence the greater the number n is, the more variables are 
needed to translate the formula yn into first-order logic. As a consequence, 
we may infer the following fact: 


Fact 4.4. For all n < w, IFMLsp £ FO”. 


Furthermore, we observe that for all n > 2, the maximum number of 
nested modal operators in Yn is 2. Yet whenever n’ > n, the formulas Yn 
and Yn are not equivalent. So we have: 


Fact 4.5. For IFMUsp, it is not the case that up to logical equivalence, 
there are only finitely many formulas of a given modal depth. 


It may be noted that Facts 4.4 and 4.5 are in a striking contrast to 
the case of basic modal logic, which is translatable into FO”, and has the 
property that the number of pairwise non-equivalent formulas of any given 
modal depth is finite. (For the latter fact, see, e.g., [BldRVe101, Proposi- 
tion 2.29].) These and other unorthodox properties of the modal-like logic 
IFMLsp might suggest that it should be of a rather marginal interest as 
a modal logic; even its status as a modal logic might thus be questioned. 
However, it is proven by the present authors in [Tu;Se206] that satisfiabil- 
ity and validity problems of IFMLsp are decidable in PSPACE. Hence 
this expressive logic shares with basic modal logic a good deal of its nice 
computational properties. So we see that the distribution of ‘desirable’ and 
‘undesirable’ properties may, in modal-like logics, be rather surprising. Ac- 
tually, one of the most interesting negative properties of IFMLsp is its 
non-translatability into the guarded fragment of first-order logic, proven in 
[Tui Se206). 


5 Collapse of diversity 


Two ways to approach independence friendly modal logic have been dis- 
cussed: one leading from IFML to EIFMLy,, proceeding via adding inde- 
pendence indications to modal operators much in the same way as is done 


8 As a reference for the usage of pebble games G}, (M,a,N,b) to characterize equiva- 
lence of structures up to quantifier rank < m relative to FO”, see, e.g., [EbF1299, pp. 
49-50]. 
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in IF first-order logic—the other way being via adjusting several parameters 
in such a way that an independence friendly logic gets structurally deter- 
mined. It is fairly evident that the three logics considered here differ in 
their expressive power. In fact, we have IFMLsp < IFML < EIFML«,. 
(For what is known and what is conjectured about the relations of these 
logics, see Tables 2 and 3 in Section 6.) By contrast, we now show that in 
some cases—in fact in cases that are extremely common in modal logical 
contexts—the expressive powers of these logics coincide. 

Let us begin with a couple of definitions. If M is a set and R C M 2 isa 
binary relation, let us write R* for the transitive closure of R, and R* for 
the reflexive transitive closure of R. The structure (M, R) is a tree, if (i) 
there is a unique element r € M such that for all x € M, R*ra; (it) every 
element of M has a unique R-predecessor; and (iii) R is acyclic, i.e., there 
is no g such that Rt xx. Let us say that a tree is branching, if no x € M has 
precisely one R-successor (no element has ‘out-degree’ equal to 1). Hence in 
a branching tree every element has either no R-successors at all, or has at 
least two R-successors. A k-ary modal structure M = (M, Ri,..., Rk, V) is 
(branching and) tree-like, if the structure (M,U,<;<; Ri) is a (branching) 
tree. A tree-like k-ary modal structure Wt is proper, if for all x,y € M 
and all 1 < i,j < k: [(a,y) € Ri and (x,y) € R;] implies i = j. That 
is, in a proper tree-like structure no vertices are connected by more than 
one relation out of the k available ones. Define Tree, as the class of all 
proper branching tree-like k-ary modal structures. Note that by virtue of 
clause (iii) in the definition of tree, all accessibility relations Ri,..., Rp of 
a structure D € Tree, are irreflexive. 

We will prove that all logics IFML, EIFML, and IFMLsp coin- 
cide with basic modal logic (and hence with each other) relative to the 
class Treep. Consider first EIFML,. If gy = O1...Ony E€ EIFMLg, 
Oz41 = (O4:...5,/t1,.-+54m) and [x, z] C {t1,...,im}, we say that the op- 
erator O,41 involves independence of a continuous block of predecessors. 
This terminology makes sense: by assumption O,, 1 is indicated as inde- 
pendent from its immediate predecessor Oz, from the predecessor O,_1 of 
O, etc., (at least) until Os. (The smallest number among i1,...,i may 
well be smaller than x, while its greatest number must be z, since the in- 
terval [x,z] is included in {i1,...,im}.) In what follows, we will rewrite 
any operator (©j,..j,/i1,.--,im+4m’), as given by the syntax, in the form 
(Oji...jy/i1;-- -sim t4- - -s im), Where the integers 41,...,im refer by stip- 
ulation to modal operators, and the integers 7{,...,2/,, to propositional 
connectives. 


Lemma 5.1. (a) If p € EIFMLg, let y7 be the result of replacing all inde- 
pendent diamonds (©), ...j,/i1;-- -s îm, t1,- - -> im) in y by the corresponding 


diamond (©;,...j,/i,,..-,,/) involving no independencies of modal opera- 
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tors. Relative to Treek, p is equivalent to y. (b) If no diamonds in 
p € EIFML, contain independencies of modal operators, let y~ be the 
result of replacing all independent diamonds (©j,...;,/%1,--+5 im) in y by 
the simple diamond ©j,...;,. Relative to Tree;,, p is equivalent to y7. 


Proof. (a) Let M € Tree, and w E€ M, and assume that M, w = y. Sup- 
pose ọ contains a diamond Oz41 = (Q;ji...jy/i1;-- -sim ty ++ +5 Ùn) involv- 
ing independence of a continuous block of predecessors O,,...,O, such that 
Oz = Oji...ja. Suppose a play proceeds to evaluating the operator Oz+1. 
Then the strategy function oz+1 corresponding to O,41 given by J’s win- 
ning strategy (which exists by assumption) satisfies: oz+1(po, P1,- -, Pz) = 
Oz+1(Po,P1---,p,), where the sequence of choices from the domain asso- 
ciated with py is ¢ = (w,wi,...,w,) and the one associated with p% is 
s’ = (w,w},---, wy), and wr # wi. (This is because It € Freep is branch- 
ing and so in the two plays V has chosen pairwise incomparable and hence 
distinct states when choosing for the box O,.) But this is impossible, since 
in a tree no distinct nodes can have a common successor and so o,41 cannot 
be a strategy function involved in a winning strategy. 

If the longest possible continuous block of predecessors of O,41 contains 
only diamonds, then O,4; may trivially be replaced by (©j,...;, /t5--«5 tm): 

Finally, if y contains no operator involving independence of a continuous 
block of predecessors, then all operators (©;;...j,/i1;-- -îm i1- --,îm) in 
y satisfy: either the list 71,...,%m is empty, or subordinate to the closest 
box (if any) identified by an integer in the list, there is a modal opera- 
tor superordinate to the diamond and not identified by any integer in the 
list. Hence, if wy is the most recent choice from the domain made be- 
fore arriving at the position where 4 must make a choice for the diamond 
(Oj1...3,/t1y +++) im, t1s--- im), then, to put it intuitively, 3’s move for the 
diamond is allowed to depend on wr. But there is a uniquely determined 
path in the tree-like structure M leading from w to wr, whence J can infer 
all previous choices made in the relevant partial play. Hence the diamond 
(Oji.jy/i1--- im, t1- -- îm) may, without changing the truth condition, 
be replaced by (Og.4 [Vise sen im) 


(b) Let u be the distribution of modality types associated with y. Sup- 
pose that W, w = y. Consider a diamond (0;,...;,/7,---,%n7) appearing in 
p. (If none exists, there is nothing to prove.) If the indicated independen- 
cies from conjunctions correspond, as determined by u, to the requirement 
of reaching one state along several accessibility relations, then 4’s winning 
strategy in G(y, Mt, w) will choose such a state. But this is impossible, 
because Wt is a proper tree-like structure and hence no such state exists. 
On the other hand, if the indicated independencies from conjunctions cor- 
respond to making a choice along one and the same accessibility relation 


irrespective of what the choices for those conjunctions were, then the inde- 
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pendent diamond can be replaced by the simple diamond. Finally, if in the 
diamond considered there are only independencies from disjunctions, the 
formula says the same as the result of replacing the independent diamond 
with a simple diamond. Q.E.D. 


Recall that ML, stands for the polymodal basic modal logic, evaluated 
relative to k-ary modal structures. We are in a position to prove: 


Theorem 5.2. (a) For all k > 1, EIFML, coincides with ML, over Treep. 
(b) Both IFML and IFMLsp coincide with ML over Tree . 


Proof. Statement (a) follows by Lemma 5.1; and statement (b) by an argu- 
ment exactly like the one presented for item (a) in the proof of Lemma 5.1. 
Q.E.D. 


The class of tree-like structures is omnipresent in modal logic. In partic- 
ular, any ML-formula that has a model at all, has a tree-like model. (Cf., 
e.g., [BldRVe,01, Proposition 2.15].) The class free, discerned above is 
quite representative a subclass of all tree-like models from the viewpoint of 
basic modal logic. (It is not difficult to see that any satisfiable polymodal 
formula y € ML; is satisfied in a structure M € Freep.) Hence it is of in- 
terest to see that the additional expressive power of the IF modal languages 
discussed in the present paper does not lie in their capacity to distinguish 
such tree-like models. Relative to Tree, the three logics do not exceed what 
already their common core, basic modal logic, is able to express. 

There is, at least tentatively, a positive methodological side to our neg- 
ative expressivity result. Namely, one can propose to turn the tables and 
suggest that a result such as Theorem 5.2 points to a feature that any IF 
version of basic modal logic should exhibit.? That is, results of this type 
can be used in assessing the general question as to the ‘nature’ of IF modal 
logics. From this perspective, indeed it seems reasonable to require that 
IF modal logics of the appropriate kind precisely should coincide with basic 
modal logic on the class of trees discussed; if a logic does not, it cannot be 
properly called an IF modal logic in the sense intended. This systematic 
idea alone brings some order in the manifold of different logics that could 
conceivably be termed IF modal logics. However, it must be noted that 
deciding the precise characteristics of a family of logics, such as IF modal 
logics, is bound to leave some room for discussion; the same holds for the 
acceptance criteria of any exclusive club of logics—modal, first-order, or 
what not. What is more, when applying the framework introduced in Sec- 
tion 4, we need not choose a fragment of basic modal logic as the class of 
modal formulas we start with. Choosing for instance basic tense logic, or 


9 We are indebted to the anonymous referee for pointing out this positive side of our 
negative result. 


Approaches to Independence Friendly Modal Logic 277 


first-order modal logic, will likewise result in a system that can, in a generic 
sense, be termed an IF modal logic. And such logics need not satisfy any 
specific conditions that may be necessary for IF modal logics corresponding 
to some different choice of input modal formulas; for instance, there is in 
general no reason why they should meet the conditions that IF modal logics 
emerging from basic modal logic actually satisfy. 


6 Concluding remarks 


In this paper we aimed to discuss two different ways of formulating indepen- 
dence friendly modal logic. To achieve this, we began by surveying and fur- 
ther studying IF modal logics of one of these two kinds, i.e., those obtained 
from basic modal logic by introducing a suitably interpreted slash device 
to the syntax (Sections 2 and 3). Now one respect in which modal logic 
differs from first-order logic is that syntactically, modal operators do not 
carry variables, whereas quantifiers do. When subject to suitable syntactic 
restrictions, these variables can easily be employed in referring to particular 
tokens of quantifiers, whereas no similar syntactic mechanism is available 
in standard modal logic. This is why in the approaches such as those dis- 
cussed in Sections 2 and 3, one must introduce an identification method by 
means of which to single out those tokens of modal operators from whose 
logical (priority) scope one wishes to exempt, say, a given diamond. On 
conceptual grounds one might find introducing such identification methods 
into the syntax less than fortunate. One could argue that independence is 
a relation between (syntactically manifest) variables, and suggest that since 
modal syntax does not offer any such variables, it does not really make sense 
to attempt formulating an IF modal logic. According to such a viewpoint, 
adding for instance indices to modal operators to make reference to tokens 
of such operators possible, would be an ad hoc move from the perspective 
of what modal logic is about. 

The present authors do not share the ideas on which such a critique 
is based. We hold independence to be a relation between tokens of logi- 
cal operators, not first and foremost between syntactically manifest vari- 
ables. However, we hope to have made it clear in Section 4 that even if 
independence was considered precisely as a relation between variables, an 
independence friendly modal logic analogous to IF first-order logic can be 
defined by considering fragments of IF first-order logic. This is the frame- 
work of the IF modal logics of the second kind considered in the present 
paper. The particular fragment to which we gave attention, the result of 
taking the standard translation of ML into FO’, and applying a certain 
IF procedure to the resulting class of first-order formulas, even turned out 
to be of further interest. Namely, we found a modal-like logic IFMLsp, 
with a compositional semantics, capturing the relevant subfragment of (the 
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Satisfabilty | Validi 
ME | L<FO | PSPACE __| PSPACE 


ML < L < FO”, 
IFML < PEREXP | PSPACE 
IFMLsp Z L < eE 


zo | 


ANA R ETA R >} 7 
| EIFML- | L £ FO undecidable | = =? | 


IFMLsp | L ae z u a PSPACE | PSPACE 


TABLE 2. Known results on (IF) modal logics. 


ME | [PSPACE] 
[EIFME |__| PSPACE ] 


PEIFME- | | PSPACE ] 
FMis FMi Z| | 


TABLE 3. Conjectures on IF modal logics. 


2-variable fragment of) IF first-order logic. 

Table 2 lists the main results known about the various logics discussed 
in the present paper. EIFML- stands for the polymodal EIFML,, one of 
whose accessibility relations is rigidly interpreted as equality. In Table 3, 
some conjectures about the various IF logics are presented. The conjecture 
to the effect that IFMLpr, cannot be translated into IFM Lsp holds fairly 
obviously, but the requisite tool called for by the standard proof technique 
(viz. an appropriate bisimulation relation) has not as yet been formulated 
in the literature. 

Although we feel that the logics discussed and studied in the present 
paper are interesting in their own right, we think that more generally, they 
help to see the interest of the grand program of independence-friendliness 
in logic—that is, repairing Frege’s fallacy also outside of first-order logic. 
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Abstract 


Team logic is the logic of functional dependencies. We define the 
basic logical operations of team logic, establish its relationship with 
independence friendly and second order logic, and give it a game 
theoretic characterization. 


1 Introduction 


Let a vocabulary! L and an L-structure M with universe M be given. In 
this paper we study functional dependencies in M. This is in contrast to the 
traditional approach in logic of studying relational dependencies in M. Our 
atomic dependence relations state the existence of a functional dependence 
without giving any definition for the function that carries the dependence. 
This gives the whole topic a second order flavor. It seems to the author that 
although functional dependence in databases has been studied (starting with 
[Ar74]), a general theory of more complex types of dependence is new. (For 
a more detailed recent study, see [Va07].) Our theory is based on [Ho,97b] 
and [VaHo,0o]. 

If L has an n-ary function symbol f, there is immediately an apparent de- 
pendence relation in M, namely the dependence of each a = fM (a1,..., Gn) 
on aj,...,dn. If the function fM is constant, the dependence is of a sin- 
gular kind, not commonly called dependence on a1,...,@n at all. On the 


* This paper was written while the author was a guest in the Newton Institute (Cam- 
bridge, U.K.) as part of the special program Logic and Computation. The author 
is grateful to the Newton Institute for its support. Research was also partially sup- 
ported by grant 40734 of the Academy of Finland. I am indebted to the referee for 
pointing out some inaccuracies and suggesting improvements, and to Fred Oakley for 
permission to use the photo in Figure 2. 

1 The vocabulary may contain constant, relation and function symbols. 


Johan van Benthem, Dov Gabbay, Benedikt Löwe (eds.). Interactive Logic. Proceedings of 
the 7th Augustus de Morgan Workshop, London. Texts in Logic and Games 1, Amsterdam 
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other hand, if the function is one to one, we have a dependence that is so 
perfect that it can even be reversed. In this case dependence is carried by a 
function that has a name in the vocabulary. In general we have completely 
abstract functions carrying the dependence with no name in the vocabulary 
and even no definition in the language, what so ever. 

If L has an n-ary relation symbol R, there is a relational dependence rela- 


tion in M, namely the mutual dependence of aj,...,@, such that 
(a1,...,@n) E RM on each other. However, even if such a relation be- 
tween the elements a,,...,@, binds the elements together in an obvious 


sense, it need not in general be a (functional) dependence in the sense of 
the current approach. 

Team logic is the logic of (functional) dependence. We define the basic 
concepts of team logic and use it to analyze dependence. The negation- 
free part of team logic turns out to correspond naturally to independence 
friendly logic and thereby to the existential part of second order logic. Team 
logic itself can be seen as being the natural closure of independence friendly 
logic under (classical) negation. In expressive power team logic is in a 
natural sense equivalent to full second order logic. We give a game-theoretic 
characterization of team logic by means of an appropriate Ehrenfeucht- 
Fraissé game. 


2 Agents and teams 


An agent is any finite mapping s from a domain dom(s) into M. Elements 
of dom(s) are called features or fields, sometimes attributes, depending on 
the application”. Unless stated otherwise, to be specific, the domain of an 
agent is a finite set of natural numbers. The modification s(a/n) of an agent 
s maps n to a but agrees otherwise with s. The value of a term t, built up 
from variables x, and symbols of L, on an agent s is the element t(s) of M 
defined in the usual way by c(s) = c, zns) = s(n), and ft,...tn(s) = 
f“(ti(s),...,tn(s)). For this to make sense the domain of s has to contain 
n whenever £n occurs in t. 

Building on [Ho 97a] and [Ho197b] we take the position that dependence, 
just like any other pattern, cannot be manifested by one event, observation 
or agent (which is our terminology) but needs a series or a group of events, 
observations or agents. We call these series or groups manifesting depen- 
dence teams. 

A team (see Figure 1) is any set X of agents with the same domain 
dom(X). Table 1 presents a generic team in the form of a table. Here are 
some examples of teams: 


2 Agents are also called assignments or tuples. If we think of an agent s as an assignment, 
the elements of the domain are variables £n or their indexes n, depending on how values 
of terms are defined. 
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Features 


TABLE 1. A generic team as a table. 


2 


FIGURE 1. A model with an assignment and a model with a team. 


Team 1 A team of human genomes (Figure 2). Here the agents are in- 
dividual genomes of individual people. The fields (or features) are 
the individual genes that are observed. Potentially there are tens of 
thousands of possible fields to consider, and billions of agents. If we 
add to such a team new fields related to medical data of the person 
in question, we get a team the dependencies of which may give cru- 
cial data about the role of hereditary factors in medical science. For 
example, we may ask: 


1. Does a certain gene or gene combination (significantly) determine 
a given hereditary disease in the sense that a patient with (a fault 
in) those genes has a high risk of the disease? 


2. Is a disease totally dependent on a gene in the sense that ev- 
ery gene combination that (significantly) determines the disease 
contains that particular gene. 


3. Is a gene (merely) dependent on a gene in the sense that the 
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disease is (significantly) determined by some gene combination 
with the gene but not without. 
Is a disease totally independent of a gene in the sense that no gene 


combination that (significantly) determines the disease contains 
that particular gene. 


Is a gene (merely) independent of a gene in the sense that some 
gene combinations (significantly) determine the disease without 
containing that particular gene. 


FIGURE 2. A piece of a team of genomes. 


Team 2 Game history team: Imagine a game, any game. Game moves 
are the features of this team, plays are the agents, and a collection of 
plays is a team. Thus a player is identified with his or her behavior in 
the game. It may be relevant to know answers to the following kinds 
of questions: 


1. 


What is the strategy that a player (e.g. “Nature”) is following, 
or is he or she following any strategy at all? 


. Is a player using information about his or her (or other players’) 


moves that he or she is committed not to use? 


Team 3 Every formula Y(z1,..., £n) of any logic and structure M give 
rise to the team of all assignments that satisfy y(x1,..., £n) in M. 
This is a definable team and perhaps the most obvious team arising in 
logic. It may manifest functional dependencies on the structure, and 
depending on the logic, these dependencies can or cannot be expresses 
in the logic. 
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Team 4 Every first order sentence y and structure M give rise to teams 
consisting of assignments that arise in the semantic game of y and M. 
If M E yọ and the winning strategy of II is 7, a particularly coherent 
team consists of all plays of the semantic game in which II uses 7. 
The same holds of independence friendly logic of [Hi,96]. 


Team 5 A team of robots building a car. Each agent s, i.e. robot, has 
features encoded by the function s. For example, if the domain of the 
agents is 


{reach, payload, joint range, speed, weight, paints, welds}, 


we can have a team as in Table 2. Here weight depends on the payload 


robot E payload m hes) weight paints welds 
(mm) ks) (°/sec) Ks) 


TABLE 2. A team of robots 


but not on speed as robots 3 and 4 have the same speed but different 
weight. Note that the team can be divided into two subteams one of 
which paints and the other does welding. This team raises the issue 
whether a team can have two agents with exactly the same values on 
all features. According to our definition the two agents are in such a 
case the same. So the above table describing the team is misleading. 
Robots 1 and 2 are the same, as are robots 5 and 6. If we added the 
robot number to the domain, the robots would all be different agents. 
This indicates an extensionality phenomenon in our approach. 


3 Dependence types 


Our starting point was the idea that teams can manifest dependencies. The 
different ways that this happens give rise to the concept of a dependence 
type? that we now define. Some dependence types are of an atomic nature 
in that they are not decomposed further into smaller dependence types. The 
atomic types are 


3 Types correspond to formulas. We use the word ‘type’ to emphasize the difference 
between truth and dependence. 
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t= t: Every agent s € X satisfies t(s} = t’(s). The team of Table 3 
is of type x3 = 24. 


at = t: Every agent s € X satisfies t(s) 4 t(s). The team of Table 3 
is of type n£z = z4. 


Rt,...tn: Every agent s € X satisfies (t1(s),...,tn(s)) € RM. The 
team of Table 3 is of type £2 < x4. 


ARt,...tn: Every agent s € X satisfies (t1(s),...,tn(s)) € RM. The 
team of Table 3 is of type 724 < 2. 


=(t1,...,t,): Every two agents s,s’ € X that satisfy 


tn—1 (s) = tn-1 (3), 


also satisfy tn (s) = tn(s’). This type is called the dependence type. 
The team of Table 3 is of type =(x1, £2) but not of type =(x2, 21). 
There are two special cases. The first is =(t). This is the type of 
teams in which the value of t is constant. Team 5 above is of type 
=(reach). The second special case is the type =(). This is the type 
of all teams what so ever and is given a special symbol T. 


4=(t),...,tn): This is the type of the empty team Ø. This should 
be distinguished from the type of an “impossible” team, that is, the 
type which is not the type of any team what so ever. We shall return 
to this type later. The reason for allowing only the empty team to 
be of the type 7=(t1,...,tn) is the following: We want types to be 


closed downwards. If a non-empty team was of type ~ =(t1,...,tn), 
there would have to be a singleton team {s} of the same type. But 
singleton teams are always of type =(t1,..., tn). 


The types t = t’, =at = t', Rt, ...t, and “Rt, .. . tn occur in [Ho197a] and 


[Ho,97b]. The dependence type =(ti,...,tn) is introduced in [VaHoj 00]. 
The empty team is of every atomic type, in particular both of type t = t' 
and =at = t. From atomic dependence types we can build more complex 
ones with team operations, which are the following: 


e Negation ~y: The team is not of type y. The team of Table 3 is 


of type ~=(x2,271). Note that ~Rt,...t, is quite different from 
—Rtı ...tn. The former says some agent s in the team fails to satisfy 
(ti(s),...,tn(s)) E€ RM, while the latter says all fail. Even more 
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1 2 3 4 
10 10 
10 
10 
11 
11 


23 4 


4 
10 


TABLE 4. Two teams in (N, <). 


dramatic is the difference between ~ =(t1,...,tn) and = =(t1,..., tn). 
The former says some s and s’ in the team give the same value to 
(ti... tn—1) but a different value to tn, while the latter says there 
are no agents in the team at all. Finally ~ =() is the type of no team. 
Thus we have two negations, — and ~, but the former can be applied 
to atomic types only. Its range of applicability can be extended to 
what we call ~-free part of team logic. 


Conjunction y A ~: The team is both of type y and of type w. The 
team of Table 3 is of type 73 = £4 A 7% = T4. 


Tensor y ® w: The team is the union of a team of type y and a team 
of type w. Team 5 is of type paints ®welds. This indicates the role 
of ® in expressing co-operation skills of teams. The team of Table 3 is 
of type =(x3,%2) ® =(x%3, £2), as Table 4 shows. Note that that team 
is not of type =(a3, £2). So tensor is not idempotent as conjunction 
is. 


Existential quantifier dr,y: The agents s € X can be modified to 
s(as/n) in such a way that the team {s(a,/n);s € X} is of type 
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y. The team of Table 3 is of type Jxı(xı < 22) and also of type 


U5 (a5 < x2). 


Shriek quantifier !z,y: A team X is of this type if the team of all 
agents s(a/n), where a € M and s € X, is of type y. The team of 
Table 3 is of type !a1(a1 < £3 Q £2 < 21). but not of type !ai(a2 < 
zı). 


More formally: 


Definition 3.1. Let L be a vocabulary. The set of types is defined as 
follows: If t,t’, t1,...,t, are terms of the vocabulary L, and R is a relation 
symbol in L, then the following are types 


CEI 
=t 
Rti...tn 
Rts cick: 
=(tisiee, ta) 
= (try x25 th) 


If y and w are types, then so are: 


lan. 


The concept “team X is of type p” is defined as follows: 


e X is of type t = t iff for all s € X(t(s) = t'(s)). 


X is of type =t = t' iff for all s E€ X(t(s) 4 t'(s)). 


X is of type Rt, ...tn iff for all s € X(ti(s),...,tn(s)) € RM. 


X is of type ~Rt,...ty iff for all € X(t1(s),...,tn(s)) € RM. 


X is of type =(t,... 


tn) iff for all s,s’ € X([ti(s) = ti(s')& 
. &tn—1(s) = tr—1(s’)] implies t,(s) = tn (s’)). 


X is of type 7=(t1,...,tn) iff X = Ø. 


X is of type ~y iff X is not of type y. 


X is of type yA w iff X is both of type y and of type wv. 
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e X is of type y © 4 iff X = Y UZ, where Y is of type vy and Z is of 
type Y. 


e X is of type Jxny iff there is a function s+ a, from X to M so that 
the team {s(a;/n);s € X} is of type y. 


e X is of type !zny iff the team {s(a/n):a € M,s € X} is of type y. 
We can define further types from the above ones: 


e Disjunction ọ V %: This is the type ~(~pA~w), ie. the type of 
teams that are of type ọ or of type w (or both). 


e Universal quantifier Vz,y: This is the type ~ Jzn ~ y, i.e. the type of 
teams X such that whenever the agents s € X are modified to some 
s(as/n), then the new team {s(as/n);s E€ X} is of type y. 


e Implication y — 4%: This is the type ~y V 4%. 


e Lollipop y —o wy: This is the type ~(y ® ~ Ww), i.e. if whenever it is 
represented as the union of two teams the first of which is of type ọ, 
then the other one is of type w. 


There are exactly two teams with empty domain, namely Ø and {Ø}. 
From these we get exactly four different types of teams with empty domain: 
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Definition 3.2. Suppose ¢ is a type of a team with empty domain.* We 
define M | y to mean that the team {Ø} is of type y in M. We then say 
M is of type y. 


In a sense, team logic is a four-valued logic. The dependence values of 
types y & p, pA, and ~y for types y and w of teams with empty domain 
can be readily given in terms of truth-tables: 


Here are some examples of types: The type 
=(Z0, 21) ® =(Xo, 21) 


is the type of teams in which field 1 depends on field 0 in the weaker sense 
than functional dependence that the values of field 0 determine at most 
two values one of which is the value in field 1. Table 5 is an example of 


Dv 


wEJgaawWw e e 


TABLE 5. Does salary depend on rank? 


a team which is of type =(Rank, Salary) ® =(Rank, Salary). If we denote 
=(x£0, £1) by p, we get weaker and weaker forms of functional dependence 
by considering the types 


PIP 
PIPP 
PIPEIEPEP 


4 That is, y is a ‘sentence’, it has no free variables. 
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The type 
=(x0, 21) A =(%1, £0) 


is the type of teams in which field 0 depends functionally on field 1 and 
conversely field 1 depends functionally on field 0. We could say that fields 
0 and 1 are mutually functionally dependent. The type 


“azo = L1 Q T2 = T3 


is the type of teams in which each agent s which satisfies s(0) = s(1) also 
satisfies s(2) = s(3). The type 


“To = T1 Q T2 = T3 


is the type of teams in which each agent s which satisfies s(0) = s(1) also 
satisfies s(2) = s(3). The type 


(“zo = 21 © T2 = 23) A (“T2 = T3 Q £o = z1) 


is the type of teams in which each agent s which satisfies s(0) = s(1) also 
satisfies s(2) = s(3) and vice versa. The type 


~(zo = x1) 


! xpd, ! wgda3(=(2, x3) A 
A (mto = T2 Q T1 = T3) 
N 


(=£1 = £2 © £3 = Xo)) 


is the type of teams which are non-empty if and only the underlying set M 
is either infinite or finite and of even cardinality. The type 


! goari ! z23Jz3(=(z£2, £3) A (=P xo Q (Qzı A 
(~zo = T2 & tı = x3) 


(-2%1 = £3 @ X = X2)))) 


is the type of teams which are non-empty if and only if in the underlying 
structure M the predicate P and Q satisfy |P™| < |Q™|. 


4 Modes of dependence and independence 


We shall now use the above concept of dependence type to analyze in more 
general terms different concepts of dependence and independence. 

Let X be a team with domain {m1,..., Mn} in a domain M, as in 
Table 1. There is an obvious partial order in the powerset of {m1,..., Mn}, 
namely the set-theoretical subset-relation C. We now define a new relation, 
called the pre-order of functional dependence: 
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V<W V is functionally dependent on W, i.e. features in V can be 
determined if the values of the features in W are known. 
In symbols, Vs,s’ € X((Vy € W(s(y) = s’(y)) > (Va € 
V(s(a) = s’(x))))). Equivalently: V is functionally depen- 
dent on {wi,...,Wn}, if for all y € V there is a function fy 
such that for all s in X: s(y) = fy(s(w1),.-..,8(Wn)). 


It is evident from the definition that the pre-order of functional depen- 
dence is weaker than the partial order of inclusion in the sense that every 
subset of a set obviously depends functionally on the set itself. It is more 
interesting that sometimes a set is functionally dependent on a set disjoint 
from itself, and a singleton set may be functionally dependent of another 
singleton set. Some sets may be functionally dependent on the empty set 
(in that case the feature has to have a constant value). Every set is certainly 
functionally dependent on the whole universe. 

Note that the Armstrong Axioms of functional dependence (see [Ar74]) 
state exactly the following: 


1. V < W is a pre-order, i.e. reflexive and transitive. 

2. If V CW, then V < W. 

3. fV < W and U is arbitrary, then VUU < WUU. 

4. If V < W, then there is a minimal U C W such that V < U. 


These axioms characterize completely when a functional dependence V < W 
follows from given functional dependencies Vj < Wj,...,Vn < Wn. 

Now we can define two versions of dependence, by using the pre-order 
of determination. Suppose for W N V = Ø. We define: 


V is dependent on W There is some minimal U > V such 
that UN V = Ø and W CU. 

V is totally dependent on W For every U > V such that UNV = 
@ we have W CU. 

V is independent of W There is some U > V such that UN 
V = Ø and WAU =Ø. 

V is totally independent of W For every minimal U > V such that 
UAV = Ø we have W AU = Ø. 

V is non-determined There is no U > V such that UNV = 


@. In the opposite case V is called 
determined. 
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Marlon classical 


Jack classical 
Robert rock 
Julia rock 


TABLE 6. Team of favorites. 


Note, that it is quite conceivable that two sets V and W of features are 
mutually dependent in the sense that both depend on each other. In the 
team of Table 6 we can make the following observations: star depends on 
food, since {star}<{food, drink}. On the other hand, star depends also 
on music, since {star}<{drink, music}. So star is not totally dependent 
on either food or music but it is totally dependent on drink. 

Note that the above concepts are defined with respect to the fields that 
we have in the domain. Indeed, it seems meaningless to define what inde- 
pendence means in a domain where any new fields can be introduced. The 
new fields can change independence to dependence completely. 

Here are some immediate relationships between the introduced concepts 
of dependence and independence: 


1. Every V is totally dependent and totally independent on Ø. 


2. If V is (totally) dependent on W, then V is (totally) dependent on 
every subset of W. 


3. If V is dependent on W, it can still be also independent of W, but 
not totally, unless W = Ø. 


4. V is independent of {x} if and only if V is not totally dependent on 
{x}. 

5. V is totally independent of {x} if and only if V is not dependent on 
{x}. 

If U = {u,...,Un} and V = {v1,..., Um}, let =(U, V) be the type 


m 
VAN =(U1,..-, Un, Vi). 
i=1 


This is the type of teams in which V is functionally dependent on U. It is 
clear that we can define dependence, independence total dependence, total 
independence, and non-determinedness in terms of the basic types =(U, V). 
We suggest that the types of team logic provide a proper framework for an 
analysis of the variety of different concepts related to dependence. 
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5 Team algebra 


Let D be a fixed domain and T the set of all teams with domain D. Let us 
write y + w if every team of type y is of type y and vice versa. We call 
this relation logical equivalence. The Boolean operations A, V,~ together 
with T and L obey usual laws of Boolean algebras, and the mapping 


h(y) ={X €T: X is of type vy}. 


is a homomorphism between dependence types, endowed with the operations 
A,V and ~, and the Boolean algebra of subsets of T: 


hpn) = hlp) Ah) 


hpv) = hp) UAW) 
h(~y) = T-Al(y) 
h(T) = T 

h(L) = @ 


The operation © satisfies the laws 


pew > Ye 
pE (YE = (p@y) ee 
PO(pvA) = (POY)VYyYe@) 
pet SL 
y@o > op 
1&1 < 1 
TOT © T 
but 
POA) #& (pey) le ege) 
PN(P@b) $ (PAY) Elpa) 
pyw) æ (pVY) glyo) 
pep > p 
For quantifiers we have 
Van(pAw) & Vane AVinw 
VinVEmP S&S VimVInye 
dtn(yVY~) & AtnypV rtnw 


AT yn Am P SF ILmITne 


The shriek ! commutes with every team operation except 3: 


lan ~~ S&S ~!rny 
lan(p®wv) & !any ®@!anyp 
lan(pAw) & lanyA! any 
znl VY) & !anyV! an 
! tnVEme S Vim! Ere 

! tn dame #& Atm! tne 
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Obviously, there is a lot more one can say about team algebra. 


6 Some translations 


We show that the ~-free fragment of team logic is equivalent to indepen- 
dence friendly logic. To make our result exact we choose what we believe 
is the best behaving version of independence friendly logic. This is the 
dependence friendly logic in which the quantifier 


Aan\ti...tmy 


has the meaning “there is a value for zn, functionally depending on what 
the values of t1,...,tm are, such that y”. In the original independence 
friendly logic the quantifier 


Jzn /Vr1...Vimp 


had the meaning “there is a value for zn, independently of what the values 
of £1,..., £m are, such that y”. An attempt to understand what “indepen- 
dently” might mean here led the author to the considerations of Section 4 
and eventually to the more basic concept of functional dependence. 

We can easily define a translation y +> y* of dependence friendly logic 
into team logic, but we have to assume that the formula y of dependence 
friendly logic is in negation normal form: 


=e)" = t=? 

(at = t')* = a= 

(Rty ...tn)* = Rt...tn 

(ARE, ...tn)* = Rt. ..th 

(pv y)* = poy 

(p ap)“ = oA 

(Atatoa = sen H=Gh state) 
(Vanp)* = lrn 


It is an immediate consequence of the definitions that for all M, all y, and 
all X we have 


M Hx vy in dependence friendly logic if and only if X is of type y”. 


So we may consider dependence friendly logic a fragment of team logic, and 
team logic an extension of dependence friendly logic obtained by adding 
classical negation. 
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Conversely, we can define a translation y +> yt of the ~-free fragment 
of team logic into dependence friendly logic: 


G=7)" = f=¢ 

(at = t')* = bee 

(Rij ccs ty) © = Rt...tn 

(SRE ate)? = ARt...ty 

(Sista IO. = I£m\ti,-.-,tn—-1(tn = £m), where 
Lm is not free in y 

(= th) = Jxo(729 = Xo) 

(y @ p)t = givyt 

(pAy)t = ptayt 

(Arny)t =. PA Dears O a WHEL wales Tim 
are the free variables of y other than £n 

(! any) = Vinpt 


It is again an immediate consequence of the definitions that for all M, all 
p, and all X we have 


X is of type y if and only if M /x y* in dependence friendly logic. 


The two translations y + y* and y+ yt demonstrate clearly that team 
logic is built on top of dependence friendly logic, and a fortiori, on top of 
independence friendly logic. The addition team logic brings to independence 
friendly logic is classical negation. As this paper shows this addition calls 
for rather substantial revision of independence friendly logic. 

It is well-known? that independence friendly logic can be presented in 
the existential fragment 4} of second order logic. If the same presentation 
is applied to team logic, we go up from 4} to the unrestricted second or- 
der logic. The proof of the following theorem is an easy adaption of the 
corresponding result for independence friendly logic in [Ho197a!: 


Theorem 6.1. We can associate with every type y(ai,,..., i, ) in vocab- 
ulary L a second order sentence n,(U), where U is n-ary, such that for all 
L-structures M and teams X with dom(X) = {t1,...,in} the following 
conditions are equivalent 


1. X is of type y in M. 
2. (M, X) En, (UV). 


Corollary 6.2. For every type ọ there is a second order sentence 7, such 
that for all models M we have M E if and only if M = ny. 


5 For details, we refer to [Hoi 97a]. 
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With the translation Y + 7, we can consider team logic a fragment of 
second order logic, even if the origin of team logic in the dependence relation 
=(t1,...,tn) is totally different from the origin of second order logic, and 
even if the logical operations of team logic are totally different from those 
of second order logic. 

We could draw many immediate conclusions from Corollary 6.2 and from 
what is known about second order logic. 

We have given a translation of team logic into second order logic. Now 
we give an implicit translation of second and higher order logic in team 
logic. The translation is implicit in the sense that it uses new predicates 
and an extension of the universe. However, the new predicates and the new 
universe are unique up to isomorphism. We omit the quite standard proof 
of the following result, which is essentially contained already in [En70] and 
[Kr2Lao79]. 


Theorem 6.3. Suppose L is a vocabulary and n € N. There is a type yp 
in the vocabulary L’ = LU {P, E} such that for all L-structures M there 
is a unique (mod &) M of type y with (N [ L)(P*) = M. Moreover, 
we can associate with every sentence w of second order logic in vocabulary 
L, with no second order variables of arity > n, a dependence type €y in 
the vocabulary L’ such that the following conditions are equivalent for all 
L-structures M: 


1. MEy 
2. N |= &y for the unique (mod =) M such that V = ọ and (N [ 
DP =M. 


Corollary 6.4. A second order sentence w has a model if and only if pA Ey 
is the type of {@} in some model. 


With the translation y +> ép we can consider second order logic an 
implicitly defined fragment of team logic. An explicit translation, following 
Harel [Ha179], has been constructed by Ville Nurmi. 

The decision problem of a logic is the problem, with a sentence y as 
input, whether M } y for all M. The consistency problem of a logic is the 
problem, with a sentence y as input, whether M — y for some M. The 
Lowenheim number of a logic is the smallest cardinal « such that for any 
sentence y, if M H y for some M, then M H ọ for some M of cardinality 
< k. The Hanf number of a logic is the smallest cardinal «x such that for 
any sentence y, if M | » for some M of cardinality > x, then M = ọ for 
models M of arbitrarily large cardinality. A logic satisfies the Suslin-Kleene 
Interpolation Theorem if every model class which is a relativized reduct of 
a definable model class and whose complement has the same property is 
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itself a definable model class. The A-extension of a logic is the smallest 
extension of it to a logic with the Suslin-Kleene Interpolation Theorem. For 
more details concerning these concepts we refer to [BagFep85]. 


Corollary 6.5. The decision problems of team logic and second order logic 
are recursively isomorphic (and IIg-complete, see [Va01] and Footnote 6). 
They have the same Lowenheim and Hanf numbers. They have the same 
A-extension. 


Note that the corresponding corollary for independence friendly logic 
says: The decision problems of independence friendly logic and second order 
logic are recursively isomorphic. The consistency problem of independence 
friendly logic is co-r.e. while that of second order logic is ¥2-complete®. The 
Lowenheim and Hanf number of independence friendly logic is Xo, while the 
Lowenheim number of second order logic is between the first measurable 
and the first supercompact cardinals, if such exist, and the Hanf number of 
second order logic is between the first supercompact and the first extendible 
cardinal, if such exist (see [Mao71]). 


7 Ehrenfeucht-Fraissé game 


We now introduce an Ehrenfeucht-Fraissé game adequate for team logic and 
use this game to characterize team logic. This game is nothing else than a 
“two-directional” version of the Ehrenfeucht-Fraissé game of independence 
friendly logic presented in [Va02]. 


Definition 7.1. Let M and M be two structures of the same vocabulary. 
The game EF 7,” has two players and n moves. The position after move m is 
a pair (X,Y), where X C M* and Y C N’ for some im. In the beginning 
the position is (Ø, Ø) and i9 = 0. Suppose the position after move number 
m is (X,Y). There are the following possibilities for the continuation of the 
game: 


Splitting move: Player I represents X (or Y) as a union X = Xo U Xj. 
Then player II represents Y (respectively, X) as a union Y = YoUY}. 
Now player I chooses whether the game continues from the position 
(Xo, Yo) or from the position (X1, Y1). 


6 We use the notation of Lévy [Lé65]. The Xo-formulas, which are at the same time called 
IIo-formulas, are all formulas in the vocabulary {€} obtained from atomic formulas by 
the operations ~, V, A and the bounded quantifiers dxo(xo E€ r1Ay) and Yzo(zo € xı > 
p). The =n+1-formulas are obtained from IIn-formulas by existential quantification. 
The II,41-formulas are obtained from ©,-formulas by existential quantification. A 
set P C N is called Xn-definable if there is a Un-formula y(xo) of set theory such that 
n € P <> o(n). A problem is called Sn-complete if the set itself is U,-definable and, 
moreover, for every &,-definable set X C N there is a recursive function f : N — N such 
that n€ X <=> f(n) € P. The concepts of a Hy-definable set and a II,-complete 
set are defined analogously. 
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FIGURE 3. A splitting move 


Duplication move: Player I decides that the game should continue from 
the new position 
(X(M/im),¥(N/im))- 


FIGURE 4. A duplication move 


Supplementing move: Player I chooses a function F : X — M (or 
F: Y — N). Then player II chooses a function G : Y — N (re- 
spectively, G : X — M). Then the game continues from the position 
(X(F/im), ¥(G/im)). 


After n moves the position (Xn, Yn) is reached and the game ends. Player 
II is the winner, if 


Xn is of type y in M © Yn is of type y in M 
holds for all atomic types y(ao,...,i,,-1). Otherwise player I wins. 


This is a game of perfect information and the concept of winning strategy 
is defined as usual. The game is determined by the Gale-Stewart theorem. 
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FIGURE 5. A supplementing move 


Define 
art (4) = 0 if y is atomic, 
arr (egy) = max(ar “(y), ar (%))+1, 
a AA = a a AY): 
qr (Jeny) = qr (p)+, 
art (!any) = qr™(e)+, 
qrt(~y) = arty). 


Let Type?” be the set of types y with qr™(y) < m and with free variables 
among Zo,-..,2n—1. We write M =", M, if M E ¢ is equivalent to N = y 
for all p in Type}, and M = 7, N if M =, N for all n. Note that there 
are for each n and m, up to logical equivalence, only finitely many types in 
Type,’. 


Theorem 7.2. Suppose M and M are models of the same vocabulary. 
Then the following conditions are equivalent: 


(1) Player II has a winning strategy in the game EF>"(M,N). 
(2) M =n, N. 


Proof. It is easy to prove by induction on m the equivalence, for all n, of 
the following two statements: 


3)m Player II has a winning strategy in the game EF% (M,N) in position 
y m 
(X,Y), where X C M” and Y C N”. 


(4)m If y is a type in Type, then X is of type y in M if and only if Y is 
of type y in N. 
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Corollary 7.3. Suppose M and N are models of the same vocabulary. 
Then the following conditions are equivalent: 


(1) M =m N. 


(2) For all natural numbers n, player II has a winning strategy in the game 


EF™ (M,N). 


Using the fact that there are for each n and m, up to logical equivalence, 
only finitely many types in Type?”, it is easy to prove that a model class K 
is the class of models of a type in Type if and only if K is closed under 
the relation =$p. 

From this and the above theorem we get: 


Corollary 7.4. Suppose K is a model class. Then the following conditions 
are equivalent: 


(1) K is the class of models of a type of team logic. 
(2) There is a natural number n such that K is closed under the relation 


MRN <=> Player IT has a winning strategy in EF,,”(M, N). 


We have obtained, after all, a purely game-theoretic definition of team logic. 
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Abstract 


This paper introduces and documents DEMO, a Dynamic Epistemic 
Modelling tool. DEMO allows modelling epistemic updates, graphical 
display of update results, graphical display of action models, formula 
evaluation in epistemic models, translation of dynamic epistemic for- 
mulas to PDL formulas. Also, DEMO implements the reduction of 
dynamic epistemic logic to PDL. The paper is an exemplar of tool 
building for epistemic update logic. It contains the essential code 
of an implementation of DEMO in Haskell, in Knuth’s ‘literate pro- 
gramming’ style. 


1 Introduction 


In this introduction we shall demonstrate how DEMO, which is short for 
Dynamic Epistemic MOdelling,! can be used to check semantic intuitions 
about what goes on in epistemic update situations.” For didactic purposes, 


* The author is grateful to the Netherlands Institute for Advanced Studies (NIAS) for 
providing the opportunity to complete this paper as Fellow-in-Residence. This report 
and the tool that it describes were prompted by a series of questions voiced by Johan 
van Benthem in his talk at the annual meeting of the Dutch Association for Theoretical 
Computer Science, in Utrecht, on March 5, 2004. Thanks to Johan van Benthem, 
Hans van Ditmarsch, Barteld Kooi and Ji Ruan for valuable feedback and inspiring 
discussion. Two anonymous referees made suggestions for improvement, which are 
herewith gracefully acknowledged. 

Or short for DEMO of Epistemic MOdelling, for those who prefer co-recursive 
acronyms. 

2 The program source code is available from http: //www.cwi.n1/~jve/demo/. 


= 


Johan van Benthem, Dov Gabbay, Benedikt Löwe (eds.). Interactive Logic. Proceedings of 
the 7th Augustus de Morgan Workshop, London. Texts in Logic and Games 1, Amsterdam 
University Press 2007, pp. 303-362. 
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the initial examples have been kept extremely simple. Although the situ- 
ation of message passing about just two basic propositions with just three 
epistemic agents already reveals many subtleties, the reader should bear in 
mind that DEMO is capable of modelling much more complex situations. 

In a situation where you and I know nothing about a particular aspect 
of the state of the world (about whether p and q hold, say), our state of 
knowledge is modelled by a Kripke model where the worlds are the four 
different possibilities for the truth of p and q (Ø, p, q, pq), your epistemic 
accessibility relation ~, is the total relation on these four possibilities, and 
mine ~, is the total relation on these four possibilities as well. There is also 
c, who like the two of us, is completely ignorant about p and q. This initial 
model is generated by DEMO as follows. 


DEMO> showM (initE [P 0,Q 0] [a,b,c]) 
==> [0,1,2,3] 

[0,1,2,3] 

(0, []) (4, [p]) (2, [q]) (3, [p,q]) 

(a, [[0,1,2,3]]) 

(b, [[0,1,2,3]]) 

(c, [[0,1,2,3]]) 


Here initE generates an initial epistemic model, and showM shows that 
model in an appropriate form, in this case in the partition format that is 
made possible by the fact that the epistemic relations are all equivalences. 

As an example of a different kind of representation, let us look at the 
picture that can be generated with dot [GaoKosNo006] from the file pro- 
duced by the DEMO command writeP "filename" (initE [P 0,Q 0]), 
as represented in Figure 1. 

This is a model where none of the three agents a, b or c can distinguish 
between the four possibilities about p and q. DEMO shows the partitions 
generated by the accessibility relations ~,,~»,~c. Since these three rela- 
tions are total, the three partitions each consist of a single block. Call this 
model e0. 

Now suppose a wants to know whether p is the case. She asks whether p 
and receives a truthful answer from somebody who is in a position to know. 
This answer is conveyed to a in a message. b and c have heard a’s question, 
and so are aware of the fact that an answer may have reached a. b and c 
have seen that an answer was delivered, but they don’t know which answer. 
This is not a secret communication, for b and c know that a has inquired 
about p. The situation now changes as follows: 


DEMO> showM (upd e0 (message a p)) 
==> [1,4] 

[0,1,2,3,4,5] 

(0, []) (1, [p]) (2, [p]) (3, [q]) (4, [p,q] 
(5, [p,q]) 
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FIGURE 1. 


(a, [[0,2,3,5],[1,4]]) 
(b, [[0,1,2,3,4,5]]) 
(c,[[0,1,2,3,4,5]]) 


Note that upd is a function for updating an epistemic model with (a 
representation of) a communicative action. In this case, the result is again 
a model where the three accessibility relations are equivalences, but one in 
which a has restricted her range of possibilities to 1,4 (these are worlds 
where p is the case), while for b and c all possibilities are still open. Note 
that this epistemic model has two ‘actual worlds’: this means that there 
are two possibilities that are compatible with ‘how things really are’. In 
graphical display format these ‘actual worlds’ show up as double ovals, as 
seen in Figure 2. 

DEMO also allows us to display the action models corresponding to 
the epistemic updates. For the present example (we have to indicate that 
we want the action model for the case where {a,b,c} is the set of relevant 
agents): 

showM ((message a p) [a,b,c]) 
==> [0] 

[0,1] 

(O,p) (1, 

T) 

(a, [C0] , (1]]) 
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FIGURE 2. 


(b, [[0,1]]) 
(c, [[0,1]]) 
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abc 


Notice that in the result of updating the initial situation with this message, 
some subtle things have changed for b and c as well. Before the arrival of 
the message, 0,(=0,p A ~O,-p) was true, for b knew that a did not know 
about p. But now b has heard a’s question about p, and is aware of the 


knows about p. In other words, O)( 


apV 


fact that an answer has reached a. So in the new situation b knows that a 


a™p) has become true. On the 


other hand it is still the case that b knows that a knows nothing about q: 
»7O,¢¢q is still true in the new situation. The situation for c is similar to 


that for b. These things can be checked in DEMO as follows: 
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DEMO> isTrue (upd e0 (message a p)) (K b (Neg (K a q))) 
True 
DEMO> isTrue (upd e0 (message a p)) (K b (Neg (K a p))) 
False 
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If you receive the same message about p twice, the second time the 
message gets delivered has no further effect. Note the use of upds for a 


sequence of updates. 


DEMO> showM (upds e0 [message a p, message a p]) 
==> [1,4] 

[0,1,2,3,4,5] 

(0, []) (1, [p]) (2, [p]) (3, [q]) (4, [p,q] 

(5, [p,q]) 

(a, [(0,2,3,5],[1,4]]) 

(b, [[0,1,2,3,4,5]]) 

(c, [[0,1,2,3,4,5]]) 


Now suppose that the second action is a message informing b about p: 


DEMO> showM (upds e0 [message a p, message b p]) 
==> [1,6] 

[0,1,2,3,4,5,6,7,8,9] 

(0, []) (1, [p]) (2, [p]) (3, [p]) (4, [p]) 

(5, [q]) (6, [p,q]) (7, [p,q]) (8, [p,q]) (9, [p,q]) 


(a, [[0,3,4,5,8,9],[1,2,6,7]]) 
(b, [[0,2,4,5,7,9],[1,3,6,8]]) 
(c, [[0,1,2,3,4,5,6,7,8,9]]) 


The graphical representation of this model is slightly more difficult to 


nothing, and both a and b know that c knows nothing. Both 


a7U_-p and Op,-O,p are true. 


DEMO> isTrue (upds e0 [message a p, message b p]) (K a (K b p)) 


False 


DEMO> isTrue (upds e0 [message a p, message b p]) (K b (K a p)) 


False 


a 


fathom at a glance. See Figure 3. In this model a and b both know about p, 
but they do not know about each other’s knowledge about p. c still knows 


op and 


pOap are false in this model. 0,70 yp and Oy, gp are false as well, but 


DEMO> isTrue (upds e0 [message a p, message b p]) (K b (Neg (K b p))) 


False 


DEMO> isTrue (upds e0 [message a p, message b p]) (K b (Neg (K c p))) 


True 


The order in which a and b are informed does not matter: 


DEMO> showM (upds e0 [message b p, message a p]) 
==> [1,6] 
[0,1,2,3,4,5,6,7,8,9] 
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(0, []) (1, [p]) (2, [p]) (3, [p]) (4, [p]) 
(5, [q]) (6, [p,q]) (7, [p,q]) (8, [p,q] (9, [p,q] 


(a, [[0,2,4,5,7,9],[1,3,6,8]]) 
(b, [[0,3,4,5,8,9],[1,2,6,7]]) 
(c, [[0,1,2,3,4,5,6,7,8,9]]) 


Modulo renaming this is the same as the earlier result. The example 
shows that the epistemic effects of distributed message passing are quite 
different from those of a public announcement or a group message. 


DEMO> showM (upd e0 (public p)) 
==> [0,1] 

[0,1] 

(0, [p]) (1, [p,q]) 

(a, [[0,1]]) 

(b, [[0,1]]) 

Cc, [[0,1]]) 


The result of the public announcement that p is that a, b and c are 
informed that p and about each other’s knowledge about p. 


DEMO allows to compare the action models for public announcement and 
individual message passing: 


DEMO> showM ((public p) [a,b,c]) 
==> [0] 

[0] 

(0,p) 

(a, [[0]]) 

(b, [[0]]) 

Cc, [[0]]) 


DEMO> showM ((cmp [message a p, message b p, message c p]) [a,b,c]) 
==> [0] 

[0,1,2,3,4,5,6,7] 

(0,p) (1,p) (2,p) (3, p) (4, p) 

(5,p) (6,p) (7,T) 

(a, [[0,1,2,3],[4,5,6,7]]) 

(b, [£0,1,4,5],[2,3,6,7]]) 

(c, [[0,2,4,6],[1,3,5,7]]) 


Here cmp gives the sequential composition of a list of communicative 
actions. This involves, among other things, computation of the appropriate 
preconditions for the combined action model. 

More subtly, the situation is also different from a situation where a,b 
receive the same message that p, with a being aware of the fact that b 
receives the message and vice versa. Such group messages create common 
knowledge. 
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DEMO> showM (groupM [a,b] p [a,b,c]) 
==> [0] 

[0,1] 

(0,p) (1,7) 

(a, [C0], [1]]) 

(b, [£0] , (1]]) 

(c, [[0,1]]) 


The difference with the case of the two separate messages is that now a and 
b are aware of each other’s knowledge that p: 


DEMO> isTrue (upd e0 (groupM [a,b] p)) (Ka (K b p)) 
True 
DEMO> isTrue (upd e0 (groupM [a,b] p)) (K b (K a p)) 
True 


In fact, this awareness goes on, for arbitrary nestings of Oa and Oy, which 
is what common knowledge means. Common knowledge can be checked 
directly, as follows: 


DEMO> isTrue (upd e0 (groupM [a,b] p)) (CK [a,b] p) 
True 


It is also easily checked in DEMO that in the case of the separate messages 
no common knowledge is achieved. 


Next, look at the case where two separate messages reach a and b, one 
informing a that p and the other informing b that ~q: 


DEMO> showM (upds e0 [message a p, message b (Neg q)]) 
==> [2] 

[0,1,2,3,4,5,6,7,8] 

(0, []) (1, 11) (2, [p]) (3, [p]) (4, [p]) 

(5, [p]) (6, [q]) (7, [p,q]) (8, [p,q]) 

(a, [[0,1,4,5,6,8],[2,3,7]]) 

(b, [[0,2,4],[1,3,5,6,7,8]]) 

(c,[[0,1,2,3,4,5,6,7,8]]) 


Again the order in which these messages are delivered is immaterial for the 
end result, as you should expect: 


DEMO> showM (upds e0 [message b (Neg q), message a pl) 
==> [2] 

[0,1,2,3,4,5,6,7,8] 

(0, []) (1, (1) (2, [p]) (3, [p]) (4, [p]) 

(5, [p]) (6, [q]) (7, [p,q]) (8, [p,q]) 

(a, [[0,1,3,5,6,8],[2,4,7]]) 

(b, [[0,2,3],[1,4,5,6,7,8]]) 

(c,[[0,1,2,3,4,5,6,7,8]]) 


Modulo a renaming of worlds, this is the same as the previous result. 

The logic of public announcements and private messages is related to 
the logic of knowledge, with [Hi,62] as the pioneer publication. This logic 
satisfies the following postulates: 
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e knowledge distribution O,(y > Y) > (Gay aW) (if a knows that 
y implies 7, and she knows y, then she also knows 4), 


e positive introspection Oa% aay (if a knows y, then a knows 
that she knows 4), 


e negative introspection ~O,y aay (if a does not know g, then 
she knows that she does not know), 


e truthfulness O,y => ọ (if a knows ọ then ọ is true). 


As is well known, the first of these is valid on all Kripke frames, the sec- 
ond is valid on precisely the transitive Kripke frames, the third is valid on 
precisely the euclidean Kripke frames (a relation R is euclidean if it satis- 
fies VaVyVz((aRy A «Rz) = yRz)), and the fourth is valid on precisely the 
reflexive Kripke frames. A frame satisfies transitivity, euclideanness and 
reflexivity iff it is an equivalence relation, hence the logic of knowledge is 
the logic of the so-called S5 Kripke frames: the Kripke frames with an equi- 
valence ~a as epistemic accessibility relation. Multi-agent epistemic logic 
extends this to multi-S5, with an equivalence ~, for every b € B, where b 
is the set of epistemic agents. 

Now suppose that instead of open messages, we use secret messages. 
If a secret message is passed to a, b and c are not even aware that any 
communication is going on. This is the result when a receives a secret 
message that p in the initial situation: 


DEMO> showM (upd e0 (secret [a] p)) 
==> [1,4] 

[0,1,2,3,4,5] 

(0, []) (1, [p]) (2, [p]) (3, [q]) (4, [p,q] 
(5, [p,q]) 

(a, [([], [0,2,3,5]), (C, [1,4])]) 

(b, [([1,4] , [0,2,3,5])]) 

(c, [([1,4] , [0,2,3,5])]) 


This is not an S5 model anymore. The accessibility for a is still an 
equivalence, but the accessibility for b is lacking the property of reflexivity. 
The worlds 1,4 that make up a’s conceptual space (for these are the worlds 
accessible for a from the actual worlds 1,4) are precisely the worlds where 
the b and c arrows are not reflexive. b enters his conceptual space from 
the vantage points 1 and 4, but b does not see these vantage points itself. 
Similarly for c. In the DEMO representation, the list ( [1,4] , [0,2,3,5]) 
gives the entry points [1,4] into conceptual space [0,2,3,5]. 

The secret message has no effect on what b and c believe about the facts 
of the world, but it has effected b’s and c’s beliefs about the beliefs of a 
in a disastrous way. These beliefs have become inaccurate. For instance, b 
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now believes that a does not know that p, but he is mistaken! The formula 
pO ,p is true in the actual worlds, but =O,p is false in the actual worlds, 
for a does know that p, because of the secret message. Here is what DEMO 
says about the situation (isTrue evaluates a formula in all of the actual 
worlds of an epistemic model): 


DEMO> isTrue (upd e0 (secret [a] p)) (K b (Neg (K a p))) 
True 

DEMO> isTrue (upd e0 (secret [a] p)) (Neg (K a p)) 

False 


This example illustrates a regress from the world of knowledge to the 
world of consistent belief: the result of the update with a secret propositional 
message does not satisfy the postulate of truthfulness anymore. 


The logic of consistent belief satisfies the following postulates: 


e knowledge distribution O,(y = w) (Gay at), 


e positive introspection Oa% ata, 


e negative introspection ~O,yp a Uap, 


e consistency Oa% ay (if a believes that y then there is a world 
where y is true, i.e., y is consistent). 


Consistent belief is like knowledge, except for the fact that it replaces the 
postulate of truthfulness Day = y by the weaker postulate of consistency. 

Since the postulate of consistency determines the serial Kripke frames (a 
relation R is serial if VxðJy x Ry), the principles of consistent belief determine 
the Kripke frames that are transitive, euclidean and serial, the so-called 
KD45 frames. 

In the conceptual world of secrecy, inconsistent beliefs are not far away. 
Suppose that a, after having received a secret message informing her about 
p, sends a message to b to the effect that O,p. The trouble is that this is 
inconsistent with what b believes. 


DEMO> showM (upds e0 [secret [a] p, message b (K a p)]) 
==> [1,5] 

[0,1,2,3,4,5,6,7] 

(0, []) (4, [p]) (2, [p]) (3, [p]) (4, [q]) 

(5, [p,q]) (6, [p,q]) (7, [p,q]) 

(a, (01, 0¢0],(0,3,4,7]),(01,[1,2,5,6])])) 

(b, ([1,5], [([2,6] , [0,3,4,7])])) 

(c, ([], [([1,2,5,6],[0,3,4,71)])) 


This is not a KD45 model anymore, for it lacks the property of seriality 
for b’s belief relation. b’s belief contains two isolated worlds 1,5. Since 1 is 
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the actual world, this means that 6’s belief state has become inconsistent: 
from now on, b will believe anything. 

So we have arrived at a still weaker logic. The logic of possibly incon- 
sistent belief satisfies the following postulates: 


e knowledge distribution O.(y > Y) > (Gay at), 


e positive introspection Oa% ata, 


e negative introspection 204% a Ug: 


This is the logic of K45 frames: frames that are transitive and euclidean. 

In [vE,04a] some results and a list of questions are given about the 
possible deterioration of knowledge and belief caused by different kind of 
message passing. E.g., the result of updating an $5 model with a public 
announcement or a non-secret message, if defined, is again S5. The result 
of updating an S5 model with a secret message to some of the agents, if 
defined, need not even be KD45. One can prove that the result is KD45 
iff the model we start out with satisfies certain epistemic conditions. The 
update result always is K45. Such observations illustrate why $5, KD45 
and K45 are ubiquitous in epistemic modelling. See [BldRVe,01, Goo02] 
for general background on modal logic, and [Ch380, Fa+95] for specific 
background on these systems. 

If this introduction has convinced the reader that the logic of public 
announcements, private messages and secret communications is rich and 
subtle enough to justify the building of the conceptual modelling tools to 
be presented in the rest of the report, then it has served its purpose. 

In the rest of the report, we first fix a formal version of epistemic up- 
date logic as an implementation goal. After that, we are ready for the 
implementation. 

Further information on various aspects of dynamic epistemic logic is 
provided in [Ba402, Ba4Mo3S0199, vBO1b, vB06, vD00, Fa+95, Ge299a, 
Ko 403}. 


2 Design 


DEMO is written in a high level functional programming language Haskell 
[Jo203]. Haskell is a non-strict, purely-functional programming language 
named after Haskell B. Curry. The design is modular. Operations on lists 
and characters are taken from the standard Haskell List and Char modules. 
The following modules are part of DEMO: 


Models The module that defines general models over a number of agents. 
In the present implementation these are A through E. It turns out 
that more than five agents are seldom needed in epistemic modelling. 
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General models have variables for their states and their state adorn- 
ments. By letting the state adornments be valuations we get Kripke 
models, by letting them be formulas we get update models. 


MinBis The module for minimizing models under bisimulation by means 
of partition refinement. 


Display The module for displaying models in various formats. Not dis- 
cussed in this paper. 


ActEpist The module that specializes general models to action models 
and epistemic models. Formulas may contain action models as oper- 
ators. Action models contain formulas. The definition of formulas is 
therefore also part of this module. 


DPLL Implementation of Davis, Putnam, Logemann, Loveland (DPLL) 
theorem proving [Da;LogLo462, Da; Pu60] for propositional logic. The 
implementation uses discrimination trees or tries, following [ZhoSt500]. 
This is used for formula simplification. Not discussed in this paper. 


Semantics Implementation of the key semantic notions of epistemic up- 
date logic. It handles the mapping from communicative actions to 
action models. 


DEMO Main module. 


3 Main module 


module DEMO 
¢ 
module List, 
module Char, 
module Models, 
module Display, 
module MinBis, 
module ActEpist, 
module DPLL, 
module Semantics 
) 


where 


import List import Char import Models import Display import MinBis 
import ActEpist import DPLL import Semantics 


The first version of DEMO was written in March 2004. This version was 
extended in May 2004 with an implementation of automata and a transla- 
tion function from epistemic update logic to Automata PDL. In Septem- 
ber 2004, I discovered a direct reduction of epistemic update logic to PDL 
[vE,04b]. This motivated a switch to a PDL-like language, with extra 
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modalities for action update and automata update. I decided to leave in 
the automata for the time being, for nostalgic reasons. 

In Summer 2005, several example modules with DEMO programs for 
epistemic puzzles (some of them contributed by Ji Ruan) and for checking 
of security protocols (with contributions by Simona Orzan) were added, and 
the program was rewritten in a modular fashion. 

In Spring 2006, automata update was removed, and in Autumn 2006 the 
code was refactored for the present report: 


version :: String 
version = "DEMO 1.06, Autumn 2006" 


4 Definitions 
4.1 Models and updates 


In this section we formalize the version of dynamic epistemic logic that we 
are going to implement. 

Let p range over a set of basic propositions P and let a range over a set 
of agents Ag. Then the language of PDL over P, Ag is given by: 


eg = Tlpl lei Ave [r] 
Tm x= al?p| T1; T2 | T1 UT | 7* 


Employ the usual abbreviations: L is shorthand for =T, yı V go is 
shorthand for ~(~y1 A7%2), Y1 — p2 is shorthand for =(y1 A p2), Y1 S Y2 
is shorthand for (pı > p2) A (p2 > 1), and (r}y is shorthand for 7[7]7y. 
Also, if B C Ag and B is finite, use B as shorthand for bı U b2 U---. Under 
this convention, formulas for expressing general knowledge Egy take the 
shape [B]y, while formulas for expressing common knowledge Cgy appear 
as [B*]y, i.e., [B]y expresses that it is general knowledge among agents B 
that y, and [B*]y expresses that it is common knowledge among agents B 
that y. In the special case where B = Ø, B turns out equivalent to ?L, the 
program that always fails. 

The semantics of PDL over P, Ag is given relative to labelled transition 
systems M = (W, V, R), where W is a set of worlds (or states), V : W > 
P(P) is a valuation function, and R = {SC W x W | a € Ag} is a set 
of labelled transitions, i.e., binary relations on W, one for each label a. In 
what follows, we shall take the labelled transitions for a to represent the 
epistemic alternatives of an agent a. 

The formulae of PDL are interpreted as subsets of Wm (the state set of 
M), the actions of PDL as binary relations on Wm, as follows: 


[T1“ = Wm 
[PIM = {we Wm |p E€ Vu(w)} 
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PA“ = Wu- [e 
[Lein = anA fM 
[nly] = {we Wm | Vol if (w,v) € [7]™ then v € [y]™)} 
[a M = LM 
Po~“ = {(w,w) € Wm x Wm |w € [v]™} 
[mi; T2 ME- [7]™ Q [72]™ 
[m U T2 M = [m ]™ U [72]™ 
[wA = (iy) 


If w € Wm then we use M Hu for w € [y]M. The paper 

[Ba4Mo3S0103] proposes to model epistemic actions as epistemic models, 
with valuations replaced by preconditions. See also: [vB01b, vB06, vD00, 
vE,04b, Fa+95, Ge299a, Ko,03, Rug04]. 
Action models for a given language £. Let a set of agents Ag and 
an epistemic language £ be given. An action model for £ is a triple A = 
([S0,---,Sn—1], pre, T) where [so,...,5n—1] is a finite list of action states, 
pre : {S0,...,Sn-1} — L assigns a precondition to each action state, and 
T : Ag > P({s0,...,Sn-1}°) assigns an accessibility relation + to each 
agent a € Ag. 

A pair A = (A,s) with s € {89,...,5, 1} is a pointed action model, 
where s is the action that actually takes place. 

The list ordering of the action states in an action model will play an 
important role in the definition of the program transformations associated 
with the action models. 

In the definition of action models, £ can be any language that can be 

interpreted in PDL models. Actions can be executed in PDL models by 
means of the following product construction: 
Action Update. Let a PDL model M = (W,V, R), a world w € W, and 
a pointed action model (A, s), with A = ([s0,...,Sn—1], pre, T), be given. 
Suppose w € [pre(s)]M. Then the result of executing (A,s) in (M, w) is 
the model (M @ A, (w, s)), with M @ A = (W’, VV’, R’), where 


W = {(w,s)|s € {so,..-,5n—-1},w E [pre(s)]™} 
V'(w,s) = V(w) 
R'(a) = {((w,s), (w’,s’)) | (w,w’) € R(a), (s,s) E€ T(a)}. 


In case there is a set of actual worlds and a set of actual actions, the defi- 
nition is similar: those world/action pairs survive where the world satisfies 
the preconditions of the action (see below). 
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The language of PDLPF" (update PDL) is given by extending the PDL 
language with update constructions [A, s]y, where (A, s) is a pointed action 
model. The interpretation of [A, s]y in M is given by: 


[[A, s]ly]M = {w € Wm | if M Ey pre(s) then (w, s) € [y]M?4}. 
Using (A, s)y as shorthand for —[A, s]>y, we see that the interpretation for 
(A, s)p turns out as: 

[(A, 8) = {w € Wm | M Hu pre(s) and (w, 5) € [y]M24}. 


Updating with multiple pointed update actions is also possible. A multiple 
pointed action is a pair (A, S), with A an action model, and S a subset of 
the state set of A. Extend the language with updates [A, S]y, and interpret 
this as follows: 


[[A, Slo] = {w € Wm | Vs € S(if M Ky pre(s) 
then M 8 A Fvw,s) Y)}- 
In [vE,04b] it is shown how dynamic epistemic logic can be reduced 
to PDL by program transformation. Each action model A has associated 


program transformers T for all states s;, sj in the action model, such that 
the following hold: 


Lemma 4.1 (Program Transformation, Van Eijck [vE,04b]). Assume A 
has n states so,...,Sn—1. Then: 


M Ey [A, sillr]y iff M = „AEA MIA, sj] 


This lemma allows a reduction of en epistemic logic to PDL, a 
reduction that we shall implement in the code below. 


4.2 Operations on action models 


Sequential Composition. If (A,S) and (B,T) are multiple pointed ac- 
tion models, their sequential composition (A, S) © (B,T) is given by: 


(A, S) © (B, T) := ((W, pre, R), S x T), 
where 
e W = Wa x Wp, 
e pre(s,t) = pre(s) A (A, S)pre(t), 
e Ris given by: (s,t) % (s',t’) € Rif s 5 s' € Ra and t 5t € Rp. 
The unit element for this operation is the action model 
= (({0},0 = T, {0 & 0 | a € Ag}), {0}). 


Updating an arbitrary epistemic model M with 1 changes nothing. 
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Non-deterministic Sum. The non-deterministic sum 6 of multiple poin- 
ted action models (A, S) and (B,T) is the action model (A, S) @ (B,T) is 
given by: 

(A, S) ® (B,T) := ((W, pre, R), SH T), 


where W denotes disjoint union, and where 
e W = Wa © Wp, 
e pre = pre, W prep, 
e R= Ra © Rp. 


The unit element for this operation is called 0: the multiple pointed action 
model given by ((@, Ø, @), Ø). 

4.3 Logics for communication 

Here are some specific action models that can be used to define various 


languages of communication. 
In order to model a public announcement of y, we use the action 
model (S, {0}) with 
Ss = {0}, ps =0 y, Rs = {0 5 0 | a € A}. 


If we wish to model an individual message to b that y, we consider 
the action model (S, {0}) with Ss = {0,1}, ps =O ọy,1 => T, and 


Rs = {0 30,1 & 1}U {0 ~a 1 | a € A — {b}}; similarly, for a group 
message to B that y, we use the action model (S, {0}) with 


Ss = {0,1}, ps = 0 | y, 1 > T, Rs = {0 ~va 1 |a € A — B}. 


A secret individual communication to b that y is modelled by (S, {0}) 
with 


Ss = {0, 1}, 
PS = Or glrHeT, 
Rg = {0So0}uUf0S1]ae A-{o}} U1 $1] ae A}, 


and a secret group communication to B that ¢ by (S, {0}) with 
Ss = {0,1}, 
Ps = Or pil ad i 
Rs = {050|be B}U{OS1/ae A—B}U{1 41 |ae A}. 
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We model a test of y by the action model (S, {0}) with 
Ss = {0,1},pp = 0 = ọ,1 = T, Rs ={0 5 1 |a € ASU{I1| ae A}, 


an individual revelation to b of a choice from {ọ91,..., Yn} by the 
action model (S, {1,...,n}) with 


Ss = ({l,...,n}, 


ps = le 4Y,..-,N Yn, 
Rs = {s%s8|seSs}U{s%s' | s,s’ € Ss,a € A— {b}}, 
and a group revelation to B of a choice from {1,...,~,} by the 


action model (S, {1,...,n}) with 


Ss =: {1,...,n}, 
ps = l= gyy,...,n Yn, 
Rs = {s s|s€Ss,b€ B}U{s 458! |s,s' € Ss,a€ A— B}. 


Finally, transparent informedness of B about y is represented by the 
action model (S, {0,1}) with Sg = {0,1}, ps = 0 > vy, 1 > ~y, Rs = {0 5 
Oj|aecASUfOS1;/aeA-BJufIS0]/acA-Bhufisilae 
A}. Transparent informedness of B about y is the special case of a group 
revelation of B of a choice from {y,y}. Note that all but the revelation 
action models and the transparent informedness action models are single 
pointed (their sets of actual states are singletons). 


On the syntactic side, we now define the corresponding languages. The 
language for the logic of group announcements is defined by: 


p = T|pl7e| Aleu---s¢al Vier- 2n] | Gay 
| Ego | Cge | [rly 


mw == 1|0| public B ọ | Oļlrı,..., nn] | Olm,.--, Tn] 


We use the semantics of 1, 0, public B y, and the operations on multiple 
pointed action models from Section 4.2. For the logic of tests and group 
announcements, we allow tests ?y as basic programs and add the appro- 
priate semantics. For the logic of individual messages, the basic actions 
are messages to individual agents. In order to give it a semantics, we start 
out from the semantics of message a y. Finally, the logic of tests, group 
announcements, and group revelations is as above, but now also allowing 
revelations from alternatives. For the semantics, we use the semantics of 
reveal B {1,..., Qn}. 
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5 Kripke models 


module Models where 
import List 


5.1 Agents 
data Agent = A |B |C |D | E deriving (Eq,0rd,Enum, Bounded) 


Give the agents appropriate names: 


a, alice, b, bob, c, carol, d, dave, e, ernie :: Agent 
a = A; alice =A 
b = B; bob =B 
c = C; carol = C 
d = D; dave =D 
e = E; ernie = E 


Make agents showable in an appropriate way: 


instance Show Agent where 
show A = "a"; show B = "b"; show C = "c"; show D = "d" ; show E = "e" 


5.2 Model datatype 


It will prove useful to generalize over states. We first define general models, 
and then specialize to action models and epistemic models. In the following 
definition, state and formula are variables over types. We assume that 
each model carries a list of distinguished states. 


data Model state formula = Mo 
[state] 
[(state,formula)] 
[Agent] 
[(Agent,state,state)] 
[state] 
deriving (Eq,Ord,Show) 


Decomposing a pointed model into a list of single-pointed models: 


decompose :: Model state formula -> [Model state formula] 
decompose (Mo states pre agents rel points) = 
[ Mo states pre agents rel [point] | point <- points ] 


It is useful to be able to map the precondition table to a function. Here 
is a general tool for that. Note that the resulting function is partial; if the 
function argument does not occur in the table, the value is undefined. 


table2fct :: Eq a => [(a,b)] -> a -> b 
table2fct t = \ x -> maybe undefined id (lookup x t) 


Another useful utility is a function that creates a partition out of an equi- 
valence relation: 
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rel2part :: (Eq a) => [a] -> (a -> a -> Bool) -> [[a]] 
rel2part [] r = [] 
rel2part (x:xs) r = xblock : rel2part rest r 

where 

(xblock,rest) = partition (\ y -> r x y) (x:xs) 


The domain of a model is its list of states: 


domain :: Model state formula -> [state] 
domain (Mo states _ __ _) = states 


The eval of a model is its list of state/formula pairs: 


eval :: Model state formula -> [(state,formula)] 
eval (Mo _ pre _ _ _) = pre 


The agentList of a model is its list of agents: 


agentList :: Model state formula -> [Agent] 
agentList (Mo _ _ ags _ _) = ags 


The access of a model is its labelled transition component: 


access :: Model state formula -> [(Agent,state,state)] 
access (Mo _ rel _) = rel 


The distinguished points of a model: 


points :: Model state formula -> [state] 
points (Mo _ _ _ _ pnts) = pnts 
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When we are looking at models, we are only interested in generated 
submodels, with as their domain the distinguished state(s) plus everything 


that is reachable by an accessibility path. 


gsm :: Ord state => Model state formula -> Model state formula 

gsm (Mo states pre ags rel points) = (Mo states’ pre’ ags rel’ points) 
where 
states’ = closure rel ags points 
pre’ = [(s,f) | (s,f) <- pre, 


elem s states’ 
[(ag,s,s’) | (ag,s,s’) <- rel, 

elem s states’, 

elem s’ states’ 


rel’ 


The closure of a state list, given a relation and a list of agents: 


closure :: Ord state => 


[(Agent,state,state)] -> [Agent] -> [state] -> [state] 


closure rel agents xs 


| xs’? == xs = xs 
| otherwise = closure rel agents xs’ 
where 


xs’ = (nub . sort) (xs ++ (expand rel agents xs)) 
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The expansion of a relation R given a state set S and a set of agents B is 
given by {t | s LER, seS,b B}. This is implemented as follows: 


expand :: Ord state => 
[(Agent,state,state)] -> [Agent] -> [state] -> [state] 
expand rel agnts ys = 
(nub . sort . concat) 
[ alternatives rel ag state | ag <- agnts, 
state <- ys ] 


The epistemic alternatives for agent a in state s are the states in sR, (the 
states reachable through R, from s): 


alternatives :: Eq state => 
[(Agent,state,state)] -> Agent -> state -> [state] 
alternatives rel ag current = 
[ s? | (a,s,s’) <- rel, a == ag, s == current ] 


6 Model minimization under bisimulation 


module MinBis where 


import List 
import Models 


6.1 Partition refinement 


Any Kripke model can be simplified by replacing each state s by its bisim- 
ulation class [s]. The problem of finding the smallest Kripke model modulo 
bisimulation is similar to the problem of minimizing the number of states in 
a finite automaton [Ho471]. We will use partition refinement, in the spirit 
of [Pa;Tao87]. Here is the algorithm: 


e Start out with a partition of the state set where all states with the 
same precondition function are in the same class. The equality relation 
to be used to evaluate the precondition function is given as a parameter 
to the algorithm. 


e Given a partition II, for each block b in II, partition b into sub-blocks 
such that two states s,t of b are in the same sub-block iff for all agents 
a it holds that s and t have —*> transitions to states in the same block 
of II. Update II to II’ by replacing each b in II by the newly found set 
of sub-blocks for b. 


e Halt as soon as II = II’. 


Looking up and checking of two formulas against a given equivalence rela- 
tion: 
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lookupFs :: (Eq a,Eq b) => 
a -> a -> [(a,b)] -> (b -> b -> Bool) -> Bool 
lookupFs i j table r = case lookup i table of 
Nothing -> lookup j table == Nothing 
Just f1 -> case lookup j table of 
Nothing -> False 
Just f2 -> r f1 f2 


The following computes the initial partition, using a particular relation for 
equivalence of formulas: 


initPartition :: (Eq a, Eq b) => Model a b -> (b -> b -> Bool) -> [[a]] 
initPartition (Mo states pre ags rel points) r = 
rel2part states (\ x y -> lookupFs x y pre r) 


Refining a partition: 


refinePartition :: (Eq a, Eq b) => 
Model a b -> [[a]] -> [[a]] 

refinePartition m p = refineP m p p 

where 

refineP :: (Eq a, Eq b) => Model a b -> [[a]] -> [[a]] -> [[a]] 

refineP m part [] = [] 

refineP m part (block:blocks) = 

newblocks ++ (refineP m part blocks) 
where 
newblocks = 
rel2part block (\ x y -> sameAccBlocks m part x y) 


The following is a function that checks whether two states have the same 
accessible blocks under a partition: 


sameAccBlocks :: (Eq a, Eq b) => 
Model a b -> [[a]] -> a -> a -> Bool 
sameAccBlocks m@(Mo states pre ags rel points) part s t = 
and [ accBlocks m part s ag == accBlocks m part t ag | 
ag <- ags ] 


The accessible blocks for an agent from a given state, given a model and a 
partition can be determined by accBlocks: 
accBlocks :: (Eq a, Eq b) => 
Model a b -> [[a]] -> a -> Agent -> [[a]] 


accBlocks m@(Mo states pre ags rel points) part s ag = 
nub [ bl part y | (ag’,x,y) <- rel, ag’ == ag, x = s ] 


The block of an object in a partition: 


bl :: Eq a => [[a]] -> a -> [a] 
bl part x = head (filter (elem x) part) 


Initializing and refining a partition: 
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initRefine :: (Eq a, Eq b) => 
Model a b -> (b -> b -> Bool) -> [[a]] 
initRefine m r = refine m (initPartition m r) 


The refining process: 


refine :: (Eq a, Eq b) => Model a b -> [[a]] -> [[a]] 
refine m part = if rpart == part 
then part 
else refine m rpart 
where rpart = refinePartition m part 


6.2 Minimization 


We now use this to construct the minimal model. Notice the dependence 
on relational parameter r. 


minimalModel :: (Eq a, Ord a, Eq b, Ord b) => 
(b -> b -> Bool) -> Model a b -> Model [a] b 
minimalModel r m@(Mo states pre ags rel points) = 
(Mo states’ pre’ ags rel’ points’) 


where 

partition = initRefine mr 

states’ = partition 

f = bl partition 

rel’ = (nub.sort) (map (\ (x,y,z) -> (x, f y, f z)) rel) 
pre’ = (nub.sort) (map (\ (x,y) -> (f x, y)) pre) 
points’ = map f points 


Converting a’s into integers, using their position in a given list of a’s. 


convert :: (Eq a, Show a) => [a] -> a -> Integer 

convert = convrt 0 
where 
convrt :: (Eq a, Show a) => Integer -> [a] -> a -> Integer 
convrt n [] x = error (show x ++ " not in list") 
convrt n (y:ys) x | x = y =n 


| otherwise = convrt (nt1) ys x 


Converting an object of type Model a b into an object of type Model 
Integer b: 


conv :: (Eq a, Show a) => 
Model a b -> Model Integer b 
conv (Mo worlds val ags acc points) = 
(Mo (map f worlds) 
(map (\ (x,y) -> (f x, y)) val) 
ags 
(map (\ (x,y,z) -> (x, f y, f z)) acc)) 
(map f points) 
where f = convert worlds 


Use this to rename the blocks into integers: 


bisim :: (Eq a, Ord a, Show a, Eq b, Ord b) => 
(b -> b -> Bool) -> Model a b -> Model Integer b 
bisim r = conv . (minimalModel r) 
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7 Formulas, action models and epistemic models 


module ActEpist where 


import List 
import Models 
import MinBis 
import DPLL 


Module List is a standard Haskell module. Module Models is described 
in Chapter 5, and Module MinBis in Chapter 6. Module DPLL refers to an 
implementation of Davis, Putnam, Logemann, Loveland (DPLL) theorem 
proving (not included in this document, but available at http://www.cwi. 
nl/~jve/demo). 

7.1 Formulas 
Basic propositions: 


data Prop = P Int | Q Int | R Int deriving (Eq,Ord) 


Show these in the standard way, in lower case, with index 0 omitted. 


instance Show Prop where 


show (P 0) = "p"; show (P i) = "p" ++ show i 
show (Q 0) = "q"; show (Q i) = "q" ++ show i 
show (R 0) = "r"; show (R i) = "r" ++ show i 


Formulas, according to the definition: 


g = T|pl-vel Aien- -spr | iyi... l ele | [Aly 
cs a | B |24 | Olm,.--.%n] | Ulm, -s Tn] | a 


Here, p ranges over basic propositions, a ranges over agents, B ranges 
over non-empty sets of agents, and A is a multiple pointed action model 
(see below) © denotes sequential composition of a list of programs. We will 
often write Ofri, 72] as 71; 72, and L[m, m2] as 7 U m2. 

Note that general knowledge among agents B that ọ is expressed in this 
language as [B]y, and common knowledge among agents B that y as [B*]y. 
Thus, [B]y can be viewed as shorthand for [U cg bly. In case B = Ø, [Blip 
turns out to be equivalent to [? L]y. 

For convenience, we have also left in the more traditional way of ex- 
pressing individual knowledge O,y , general knowledge Egy and common 
knowledge Cgo. 


data Form = Top 

| Prop Prop 
| Neg Form 
| 


Conj [Form] 
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data Program 


Disj [Form] 


Pr Program Form 


K Agent Form 


EK [Agent] Form 
CK [Agent] Form 


Up AM Form 


l 
l 
| 
| 
| 
| 
deriving (Eq,Ord) 


Ag Agent 


Ags [Agent] 


Conc [Program] 
[Program] 


Sum 


Star Program 


| 
| Test Form 
| 
| 
| 


deriving (Eq,Ord) 


Some useful abbreviations: 


impl :: 


equiv :: 


Form -> Form -> Form 
impl form1 form2 = Disj [Neg form1, form2] 


Form -> Form -> Form 
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equiv formi form2 = Conj [formi ‘impl‘ form2, form2 ‘impl‘ formi] 


Xor i: 


Form -> Form -> Form 


xor x y = Disj [ Conj [x, Neg y], Conj [Neg x, y]] 


The negation of a formula: 


negation :: 


Form -> Form 


negation (Neg form) = form 
negation form 


= Neg form 


Show formulas in the standard way: 


instance Show Form where 
Top = "T" ; show (Prop p) 


show 
show 
show 
show 
show 
show 
show 
show 


(Conj fs) 
(Disj fs) 

(Pr p f) 

(K agent f) 
(EK agents f) 
(CK agents f) 
(Up pam f) 


g? 


= ?y?; 


E: 
E: 
E’: 
0: 
A? 


show 
show 
show 
show 
show 
show 
show 


Show programs in a standard way: 


instance Show Program 


show 
show 
show 
show 
show 
show 


(Ag a) 

(Ags as) 
(Test f) 
(Conc ps) 
(Sum ps) 
(Star p) 


where 
show 
show 
297: 
2C?: 
cal cas 
tan a 


a 
as 

show 
show 
show 
show 


= show p; show (Neg f) = ’-’: (show f); 
fs 

fs 

p ++ "]" ++ show f 


agent ++ "]" ++ show f 
agents ++ show f 
agents ++ show f 
(points pam) ++ show f 


f 
ps 


ps 
p ++ ") x 
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Programs can get very unwieldy very quickly. As is well known, there 
is no normalisation procedure for regular expressions. Still, here are some 
rewriting steps for simplification of programs: 


Ø oa ?1 2piUlp, > ?(~1 V p2) 
?ILUT <> T TU? L <> T 
Ul A a Ur) > 7 
?p1;?p2 —> = 2(y1 Ape) eT ya = T 
Tm; ? T = T anes = ?L 
m3 2 = ?L Oll — ?T 
Or) > Co > a 
(?pUm* > a” (mU?p)* = T* 
a, + 1, 
and the k + m + n-ary rewriting steps 
Uim, eee Tks Uire, ata ikem ikim us TkEmEn] 
T lr, ---, te+msn 
and 
© [1,-- +5 nk, O[ik+1; - - +) Team], Tht m4iy +++) Tk+m+n] 
> Olm,.--,Teemtnl- 


Simplifying unions by splitting up in test part, accessibility part and rest: 


splitU :: [Program] -> ([Form] , [Agent] , [Program] ) 
splitu [] = (0.01,0) 
splitU (Test f: ps) = (f:fs,ags,prs) 

where (fs,ags,prs) = splitU ps 
splitU (Ag x: ps) = (fs,union [x] ags,prs) 

where (fs,ags,prs) = splitU ps 
splitU (Ags xs: ps) = (fs,union xs ags,prs) 

where (fs,ags,prs) = splitU ps 
splitU (Sum ps: ps’) = splitU (union ps ps’) 
splitU (p:ps) = (fs,ags,p:prs) 

where (fs,ags,prs) = splitU ps 


Simplifying compositions: 


comprC :: [Program] -> [Program] 
comprC [] = [] 
comprC (Test Top: ps) = comprC ps 
comprC (Test (Neg Top) :ps) = [Test (Neg Top)] 
comprC (Test f: Test f’: rest) = comprC (Test (canonF (Conj [f,f’])): 
rest) 
comprC (Conc ps : ps’) = comprC (ps ++ ps’) 
comprC (p:ps) = let ps’ = comprC ps 
in if ps’ == [Test (Neg Top)] 


then [Test (Neg Top)] else p: ps’ 
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Use this in the code for program simplification: 


simpl :: Program -> Program 

simpl (Ag x) =Agx 

simpl (Ags []) Test (Neg Top) 
simpl (Ags [x]) Ag x 

simpl (Ags xs) Ags xs 

simpl (Test f) Test (canonF f) 


Simplifying unions: 


simpl (Sum prs) = 
let (fs,xs,rest) = splitU (map simpl prs) 
f = canonF (Disj fs) 
in 
if xs == [] && rest == [] then Test f 
else if xs == [] && f == Neg Top && length rest == 
then (head rest) 
else if xs == [] && f == Neg Top then Sum rest 
else if xs == [] 
then Sum (Test f: rest) 
else if length xs == 1 && f == Neg Top 
then Sum (Ag (head xs): rest) 
else if length xs == 1 then Sum (Test f: Ag (head xs): rest) 
else if f == Neg Top then Sum (Ags xs: rest) 
else Sum (Test f: Ags xs: rest) 


Simplifying sequential compositions: 


simpl (Conc prs) = 
let prs’ = comprC (map simpl prs) 


in 
if prs’== [] then Test Top 
else if length prs’ == then head prs’ 
else if head prs’ == Test Top then Conc (tail prs’) 
else Conc prs’ 


Simplifying stars: 


simpl (Star pr) = case simpl pr of 
Test f -> Test Top 
Sum [Test f, pr’] -> Star pr’ 
Sum (Test f: prs’) -> Star (Sum prs’) 
Star pr’ -> Star pr’ 
pr’ -> Star pr’ 


Property of being a purely propositional formula: 


pureProp :: Form -> Bool 
pureProp Top = True 
pureProp (Prop _) = True 
pureProp (Neg f) = pureProp f 


pureProp (Conj fs) = and (map pureProp fs) 
pureProp (Disj fs) = and (map pureProp fs) 
pureProp _ = False 
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Some example formulas and formula-forming operators: 


bot, pO, p, pl, p2, p3, p4, p5, p6 :: Form 

bot = Neg Top 

pO = Prop (P 0); p = pO; p1 = Prop (P 1); p2 = Prop (P 2) 

p3 = Prop (P 3); p4 = Prop (P 4); p5 = Prop (P 5); p6 = Prop (P 6) 


q0, q, ql, q2, q3, q4, q5, q6 :: Form 
q0 = Prop (Q 0); q = q0; qi = Prop (Q 1); q2 = Prop (Q 2); 
q3 = Prop (Q 3); q4 = Prop (Q 4); q5 = Prop (Q 5); q6 = Prop (Q 6) 


r0; r, ri, r2, r3, r4, r5, r6:: Form 


r0 = Prop (R 0); r = r0; ri = Prop (R 1); r2 = Prop (R 2) 
r3 = Prop (R 3); r4 = Prop (R 4); r5 = Prop (R 5); r6 = Prop (R 6) 
u = Up :: AM -> Form -> Form 


nkap = Neg (K a p) 
nkanp = Neg (K a (Neg p)) 
nka_p = Conj [nkap,nkanp] 


7.2 Reducing formulas to canonical form 


For computing bisimulations, it is useful to have some notion of equiva- 
lence (however crude) for the logical language. For this, we reduce formulas 
to a canonical form. We will derive canonical forms that are unique up 
to propositional equivalence, employing a propositional reasoning engine. 
This is still rather crude, for any modal formula will be treated as a propo- 
sitional literal. The DPLL (Davis, Putnam, Logemann, Loveland) engine 
expects clauses represented as lists of integers, so we first have to translate 
to this format. This translation should start with computing a mapping 
from positive literals to integers. For the non-propositional operators we 
use a little bootstrapping, by putting the formula inside the operator in 
canonical form, using the function canonF to be defined below. Also, since 
the non-propositional operators all behave as Box modalities, we can reduce 
| to l: 


mapping :: Form -> [(Form,Integer)] 
mapping f = zip lits [1..k] 


where 

lits = (sort . nub . collect) f 

k = toInteger (length lits) 

collect :: Form -> [Form] 

collect Top = [] 

collect (Prop p) = [Prop p] 

collect (Neg f) = collect f 

collect (Conj fs) = concat (map collect fs) 
collect (Disj fs) = concat (map collect fs) 
collect (Pr pr f) = if canonF f == Top 


then [] else [Pr pr (canonF f)] 
collect (K ag f) = if canonF f == Top 
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collect (EK ags f) 


collect (CK ags f) 


collect (Up pam f) 


then [] else [K ag (canonF f)] 
if canonF f == Top 

then [] else [EK ags (canonF f)] 
if canonF f == Top 

then [] else [CK ags (canonF f)] 
if canonF f == Top 

then [] else [Up pam (canonF f)] 
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The following code corresponds to putting in clausal form, given a map- 
ping for the literals, and using bootstrapping for formulas in the scope of a 


non-propositional operator. Note that 


Gf is 


cf 


cf 


cf 


cf 


cf 


cf 


cf 


cf 
cf 


g 
g 
g 


g 


g 
g 


(Form -> Integer) 
[[Integer]] 


(Top) 
(Prop p) 
(Pr pr f) 
(K ag f) 
(EK ags f) 
(CK ags f) 


(Up am f) 


(Conj fs) 
(Disj fs) 


Negated formulas: 


cf 


cf 


cf 


cf 


cf 


cf 


cf 


cf 


cf 
cf 


g 
g 


(Neg Top) 

(Neg (Prop p)) 
(Neg (Pr pr f)) 
(Neg (K ag f)) 
(Neg (EK ags f)) 
(Neg (CK ags f)) 
(Neg (Up am f)) 
(Neg (Conj fs)) 


(Neg (Disj fs)) 
(Neg (Neg f)) 


-> Form -> 


0] 

[[g (Prop p)]] 

if canonF f == Top then [] 
else [[g (Pr pr (canonF f))]] 
if canonF f == Top then [] 
else [[g (K ag (canonF f))]] 
if canonF f == Top then [] 
else [[g (EK ags (canonF f))]] 
if canonF f == Top then [] 
else [[g (CK ags (canonF f))]] 
if canonF f == Top then [] 
else [[g (Up am (canonF f))]] 
concat (map (cf g) fs) 
deMorgan (map (cf g) fs) 


[0] 

[[- g (Prop p)]] 

if canonF f == Top then [[]] 
else [[- g (Pr pr (canonF f))]] 
if canonF f == Top then [[]] 
else [[- g (K ag (canonF f))]] 
if canonF f == Top then [[]] 
else [[- g (EK ags (canonF f))]] 
if canonF f == Top then [[]] 
else [[- g (CK ags (canonF f))]] 
if canonF f == Top then [[]] 
else [[- g (Up am (canonF f))]] 


T is reduced to T, and ~OT to L. 


deMorgan (map (\ f -> cf g (Neg f)) fs) 
concat (map (\ f -> cf g (Neg f)) fs) 


cf g f 


In order to explain the function deMorgan, we recall De Morgan’s disjunction 
distribution which is the logical equivalence of the following expressions: 


QV (pA Apn) e (PV v1) A+: AlE Yn). 


Now the following is the code for De Morgan’s disjunction distribution (for 
the case of a disjunction of a list of clause sets): 
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deMorgan :: [[[Integer]]] -> [[Integer]] 
deMorgan [] = [[]] 
deMorgan [cls] = cls 
deMorgan (cls:clss) = deMorg cls (deMorgan clss) 
where 
deMorg :: [[Integer]] -> [[Integer]] -> [[Integer]] 
deMorg cls1 cls2 = (nub . concat) [ deM cl cls2 | cl <- clsi ] 
deM :: [Integer] -> [[Integer]] -> [[Integer]] 
deM cl cls = map (fuseLists cl) cls 


Function fuseLists keeps the literals in the clauses ordered. 


fuseLists :: [Integer] -> [Integer] -> [Integer] 
fuseLists [] ys = ys 
fuseLists xs [] = xs 
fuseLists (x:xs) (y:ys) | abs x < abs y = x:(fuseLists xs (y:ys)) 
| abs x == abs y = if x == y 
then x:(fuseLists xs ys) 
else if x> y 
then x:y:(fuseLists xs ys) 
else y:x:(fuseLists xs ys) 
| abs x > abs y = y:(fuseLists (x:xs) ys) 


Given a mapping for the positive literals, the satisfying valuations of a 
formula can be collected from the output of the DPLL process. Here dp is 
the function imported from the module DPLL. 


satVals :: [(Form,Integer)] -> Form -> [[Integer]] 
satVals t f = (map fst . dp) (cf (table2fct t) f) 


Two formulas are propositionally equivalent if they have the same sets 
of satisfying valuations, computed on the basis of a literal mapping for their 
conjunction: 


propEquiv :: Form -> Form -> Bool 


propEquiv f1 f2 = satVals g fi == satVals g f2 
where g = mapping (Conj [f1,f2]) 


A formula is a (propositional) contradiction if it is propositionally equiv- 
alent to Neg Top, or equivalently, to Disj (1: 


contrad :: Form -> Bool 
contrad f = propEquiv f (Disj []) 


A formula is (propositionally) consistent if it is not a propositional contra- 
diction: 


consistent :: Form -> Bool 
consistent = not . contrad 


Use the set of satisfying valuations to derive a canonical form: 
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canonF :: Form -> Form 
canonF f = if (contrad (Neg f)) 
then Top 


else if fs == [] 
then Neg Top 

else if length fs == 
then head fs 

else Disj fs 


where g = mapping f 
mss = satVals g f 
g? =\ i-> head [ form | (form,j) <- g, i = j ] 
h =\i-> if i< 0 then Neg (g? (abs i)) else g? i 
h? = \ xs -> map h xs 
k =\ xs -> if xs == [] 


then Top 
else if length xs == 1 
then head xs 
else Conj xs 
fs = map k (map h’ nss) 


This gives: 


ActEpist> canonF p 

P 

ActEpist> canonF (Conj [p,Top]) 

P 

ActEpist> canonF (Conj [p,q,Neg r]) 

&[p,q,-r] 

ActEpist> canonF (Neg (Disj [p, (Neg p)])) 

SE 

ActEpist> canonF (Disj [p,q,Neg r]) 

v[p,&[-p,q] ,&[-p,-q,-r]] 

ActEpist> canonF (K a (Disj [p,q,Neg r])) 
[a]v[p,&[-p,q],&[-p,-q,-r]] 

ActEpist> canonF (Conj [p, Conj [q,Neg r]]) 

&[p,q, zr] 

ActEpist> canonF (Conj [p, Disj [q,Neg (K a (Disj []))]]) 
v(&l[p,q] ,&[p,-q,-[a]-T]] 

ActEpist> canonF (Conj [p, Disj [q,Neg (K a (Conj []))]]) 
&[p,q] 


7.3 Action models and epistemic models 


Action models and epistemic models are built from states. We assume states 
are represented by integers: 


type State = Integer 


Epistemic models are models where the states are of type State, and 
the precondition function assigns lists of basic propositions (this specializes 
the precondition function to a valuation). 


type EM = Model State [Prop] 


DEMO — A Demo of Epistemic Modelling 333 


Find the valuation of an epistemic model: 


valuation :: EM -> [(State, [Prop])] 
valuation = eval 


Action models are models where the states are of type State, and the 
precondition function assigns objects of type Form. The only difference 
between an action model and a static model is in the fact that action models 
have a precondition function that assigns a formula instead of a set of basic 
propositions. 


type AM = Model State Form 


The preconditions of an action model: 


preconditions :: AM -> [Form] 
preconditions (Mo states pre ags acc points) = 
map (table2fct pre) points 


Sometimes we need a single precondition: 


precondition :: AM -> Form 
precondition am = canonF (Conj (preconditions am)) 


The zero action model 0: 


zero :: [Agent] -> AM 
zero ags = (Mo [] [] ags [] []) 


The purpose of action models is to define relations on the class of all 
static models. States with precondition L can be pruned from an action 
model. For this we define a specialized version of the gsm function: 


gsmAM :: AM -> AM 
gsmAM (Mo states pre ags acc points) = 


let 
points’ = [ p | p <- points, consistent (table2fct pre p) ] 
states’ = [ s | s <- states, consistent (table2fct pre s) ] 
pre’ = filter (\ (x,_) -> elem x states’) pre 
f = \ (_,s,t) -> elem s states’ && elem t states’ 
acc’ = filter f acc 

in 

if points’ == [] 


then zero ags 
else gsm (Mo states’ pre’ ags acc’ points’) 
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7.4 Program transformation 


For every action model A with states s9,...,5,—1 we define a set of n? 
program transformers T (0<i<n,0<j <n), as follows [vE104b]: 


TA(a) = ?pre(s;);a if s; S Sj, 
2 ? L otherwise 
TA (?y) = ?(pre(s;) A [A, silp) if i = ds 
2 steal otherwise 
n-1 
Tilim) = Jer); TH(m2)) 
k=0 
T(m Um) = Ti (m)UTH (me) 
TA) = Ke) 


where K, i (T) is a (transformed) program for all the 7* paths from s; to sj 
that can be traced through A while avoiding a pass through intermediate 
states s and higher. Thus, Kha T) is a program for all the 7* paths from 
si to sj that can be traced through A, period. 

Kop (r) is defined by recursing on k, as follows: 


KA= TUTA) ifi=j, 
A Tå (x) otherwise 


(Kål) ifi= k=} 
kai = | BAO NE re 

Kien (™)s (Kien (™))* f@ixAk=j, 

Kelt) U (Kite); (Kee); KG, (m) otherwise. 


Lemma 7.1 (Kleene Path). Suppose (w, w’) € [T6 (7 )J™ iff there is a 7 
path from (w, s;) to (w’,s;) in M8 A. Then (w, w’) € [K,,(7)]™ iff there 
is a m* path from (w, s;) to (w’,s;) in M@ A. 

The Kleene path lemma is the key ingredient in the proof of the following 
program transformation lemma. 


Lemma 7.2 (Program Transformation). Assume A has n states so, ... 
Sn—1. Then: 


M Ey [A, sillr]y iff M = „A4 )[A, sj]y. 
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The implementation of the program transformation functions is given here: 


transf :: AM -> Integer -> Integer -> Program -> Program 
transf am@(Mo states pre allAgs acc points) i j (Ag ag) = 
let 
f = table2fct pre i 
in 
if elem (ag,i,j) acc && f == Top then Ag ag 
else if elem (ag,i,j) acc && f /= Neg Top then Conc [Test f, Ag ag] 
else Test (Neg Top) 
transf am@(Mo states pre allAgs acc points) i j (Ags ags) = 


let ags? = nub [a | (a,k,m) <- acc, elem a ags, k == i, m = j ] 
agsi = intersect ags ags’ 
f = table2fct pre i 
in 
if agsi == [] || f£ == Neg Top then Test (Neg Top) 
else if f == Top && length ags1 == 1 then Ag (head ags1) 
else if f == Top then Ags ags1 


else Conc [Test f, Ags ags1] 
transf am@(Mo states pre allAgs acc points) i j (Test f) = 


let 

g = table2fct pre i 
in 
if i= j 


then Test (Conj [g,(Up am f)]) 
else Test (Neg Top) 
transf am@(Mo states pre allAgs acc points) i j (Conc []) 
transf am i j (Test Top) 
transf am@(Mo states pre allAgs acc points) i j (Conc [p]) 
transf am i j p 
transf am@(Mo states pre allAgs acc points) i j (Conc (p:ps)) = 
Sum [ Conc [transf am i k p, transf am k j (Conc ps)] | k <- [0..n] ] 
where n = toInteger (length states - 1) 
transf am@(Mo states pre allAgs acc points) i j (Sum []) 
transf am i j (Test (Neg Top)) 
transf am@(Mo states pre allAgs acc points) i j (Sum [p]) 
transf am i j p 
transf am@(Mo states pre allAgs acc points) i j (Sum ps) 
Sum [ transf am i j p | p <- ps ] 
transf am@(Mo states pre allAgs acc points) i j (Star p) 
kleene am i j n p 
where n = toInteger (length states) 


The following is the implementation of K, oe 


kleene :: AM -> Integer -> Integer -> Integer -> Program -> Program 
kleene am i j O pr = 
if i==j 


then Sum [Test Top, transf am i j pr] 
else transf am i j pr 
kleene am i j k pr 
| i == j && j == pred k = Star (kleene am i i i pr) 
| i == pred k = 
Conc [Star (kleene am i i i pr), kleene am i j i pr] 
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| j == pred k = 
Conc [kleene am i j j pr, Star (kleene am j j j pr)] 
| otherwise = 
Sum [kleene am i j k’ pr, 
Conc [kleene am i k’ k’ pr, 
Star (kleene am k’ k’ k’ pr), kleene am k’ j k’ pr]] 
where k’ = pred k 


Transformation plus simplification: 


tfm :: AM -> Integer -> Integer -> Program -> Program 
tfm am i j pr = simpl (transf am i j pr) 


The program transformations can be used to translate Update PDL to PDL, 
as follows: 


(T) = T up) = p 
ty) = tp) t(p1 ^ p2) = tpi) Atly2) 

t([m]y) = [r(mt(y) (A, s]T) = T 

t([A, slp) = t(pre(s)) > p 
t([A, shy ) = tpre(s)) > =t([A, sly) 
t([A, s](p1 ^ y2)) = Asaler) A t([A, s]p2) 
t([A, sllm]y) = Ajo (ITA), silo) 
t([A, s][A’, s ~ = _ t([A, slt([A", s']p)) 


p) 
tA, SJ) = Ases tA, sly) 


ae 
Q 
— 
| 
a 
3 
A 
w 
— 
| 
w 


r(2p) = t) r(t; T2) r(m1);7(72) 
r(m, Um) = r(mı) Ur(te) r(m*) = r(m))*. 


The correctness of this translation follows from direct semantic inspec- 
tion, using the program transformation lemma for the translation of formu- 
las of type [A, s;] [7]. 

The crucial clauses in this translation procedure are those for formulas 
of the forms [A, S]y and [A, s]y, and more in particular the one for formulas 
of the form [A, s][7]y. It makes sense to give separate functions for the steps 
that pull the update model through program 7 given formula y. 


step0, stepi :: AM -> Program -> Form -> Form 
stepO am@(Mo states pre allAgs acc []) pr f = Top 
stepO am@(Mo states pre allAgs acc [i]) pr f = stepi am pr f 
stepO am@(Mo states pre allAgs acc is) pr f 

Conj [ step1 (Mo states pre allAgs acc [i]) pr f | i <- is ] 
step1 am@(Mo states pre allAgs acc [i]) pr f = 

Conj [ Pr (transf am i j (rpr pr)) 

(Up (Mo states pre allAgs acc [j]) f) | j <- states ] 
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Perform a single step, and put in canonical form: 


step :: AM -> Program -> Form -> Form 
step am pr f = canonF (stepO am pr f) 


t :: Form -> Form 

t Top = Top 

t (Prop p) = Prop p 

t (Neg f) = Neg (t f) 

t (Conj fs) = Conj (map t fs) 

t (Disj fs) = Disj (map t fs) 

t (Pr pr f) = Pr (rpr pr) (t f) 

t (K x f) = Pr (Ag x) (t f) 

t (EK xs f) = Pr (Ags xs) (t f) 

t (CK xs f) = Pr (Star (Ags xs)) (t f) 


Translations of formulas starting with an action model update: 


t (Up am@(Mo states pre allAgs acc [i]) f) = t? am f 
t (Up am@(Mo states pre allAgs acc is) f) = 
Conj [ t? (Mo states pre allAgs acc [i]) f | i <- is ] 


Translations of formulas starting with a single pointed action model update 
are performed by t?: 


t? :: AM -> Form -> Form 

t? am Top = Top 

t? am (Prop p) = impl (precondition am) (Prop p) 
t? am (Neg f) = Neg (t? am f) 

t? am (Conj fs) = Conj (map (t? am) fs) 

t? am (Disj fs) = Disj (map (t? am) fs) 

t? am (K x f) = t? am (Pr (Ag x) f) 

t? am (EK xs f) = t? am (Pr (Ags xs) f) 

t? am (CK xs f) = t? am (Pr (Star (Ags xs)) f) 

t? am (Up am’f) = t? am (t (Up am’ f)) 


The crucial case is an update action having scope over a program. We may 
assume that the update action is single pointed. 


t? am@(Mo states pre allAgs acc [i]) (Pr pr f) = 
Conj [ Pr (transf am i j (rpr pr)) 
(t? (Mo states pre allAgs acc [j]) f) | j <- states ] 
t? am@(Mo states pre allAgs acc is) (Pr pr f) = 
error "action model not single pointed" 


Translations for programs: 


rpr :: Program -> Program 

rpr (Ag x) = Ag x 

rpr (Ags xs) = Ags xs 

rpr (Test f) = Test (t f) 

rpr (Conc ps) = Conc (map rpr ps) 
rpr (Sum ps) = Sum (map rpr ps) 


rpr (Star p) = Star (rpr p) 
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Translating and putting in canonical form: 


tr :: Form -> Form 
tr = canonF . t 


Some example translations: 


ActEpist> tr (Up (public p) (Pr (Star (Ags [b,c])) p)) 
TP 
ActEpist> tr (Up (public (Disj [p,q])) (Pr (Star (Ags [b,c])) p)) 
[(UL?T,CL?v0p,q], [b,c]]])*]v[p,&l[-p,-q]] 
ActEpist> tr (Up (groupM [a,b] p) (Pr (Star (Ags [b,c])) p)) 
(C(CCCUL?T,Cl?p, [b,c]]])*,C[?p, [c]]], (CULU[?T, [b,c]], 

Clic, (UL?T,CL?p, [b,c] ]])*,C[?p, [c]]]])*]]p 
ActEpist> tr (Up (secret [a,b] p) (Pr (Star (Ags [b,c])) p)) 
(c(c{(Ul?T,CL?p, [b]]])*,C[?p, [c]]], (ULUL?T, [b,c]], 

C(?-T, (UL?T,C[?p, [b]]])*,C[?p, [c]]]])*]]p 


8 Semantics 


module Semantics 
where 


import List 
import Char 
import Models 
import Display 
import MinBis 
import ActEpist 
import DPLL 


8.1 Semantics implementation 


The group alternatives of group of agents a are the states that are reachable 
through U,e,4 Ra- 


groupAlts :: [(Agent,State,State)] -> [Agent] -> State -> [State] 
groupAlts rel agents current = 
(nub . sort . concat) [ alternatives rel a current | a <- agents ] 


The common knowledge alternatives of group of agents a are the states 
that are reachable through a finite number of Ra links, for a € A. 


commonAlts :: [(Agent,State,State)] -> [Agent] -> State -> [State] 
commonAlts rel agents current = 
closure rel agents (groupAlts rel agents current) 


The model update function takes a static model and and action model 
and returns an object of type Model (State,State) [Prop]. The up func- 
tion takes an epistemic model and an action model and returns an epistemic 
model. Its states are the (State, State) pairs that result from the cartesian 
product construction described in [BazMo3S0 199]. Note that the update 
function uses the truth definition (given below as isTrueAt). 
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We will set up matters in such way that updates with action models get 
their list of agents from the epistemic model that gets updated. For this, 
we define: 


type FAM = [Agent] -> AM 
up :: EM -> FAM -> Model (State,State) [Prop] 


up m@(Mo worlds val ags acc points) fam = 
Mo worlds’ val’ ags acc’ points’ 


where 
am@(Mo states pre _ susp actuals) = fam ags 
worlds’ = [ (w,s) | w <- worlds, s <- states, 
formula <- maybe [] (\ x -> [x]) (lookup s pre), 
isTrueAt w m formula ] 
val? = [ (W,s),props) | (w,props) <- val, 
s <- states, 
elem (w,s) worlds’ ] 
acc’ = [ (agi, (w1i,s1),(w2,s2)) | (ag1,w1,w2) <- acc, 
(ag2,s1,s2) <- susp, 
agi == ag2, 
elem (w1,s1) worlds’, 
elem (w2,s2) worlds’ ] 
points? = [ (p,a) | p <- points, a <- actuals, 


elem (p,a) worlds’ ] 


An action model is tiny if its action list is empty or a singleton list: 
tiny :: FAM -> Bool 


tiny fam = length actions <= 1 
where actions = domain (fam [minBound. .maxBound]) 


The appropriate notion of equivalence for the base case of the bisimulation 
for epistemic models is “having the same valuation”. 


sameVal :: [Prop] -> [Prop] -> Bool 
sameVal ps qs = (nub . sort) ps == (nub . sort) qs 


Bisimulation minimal version of generated submodel of update result for 
epistemic model and pointed action models: 
upd :: EM -> FAM -> EM 


upd sm fam = if tiny fam then conv (up sm fam) 
else bisim (sameVal) (up sm fam) 


Non-deterministic update with a list of pointed action models: 


upds :: EM -> [FAM] -> EM 
upds = foldl upd 


At last we have all ingredients for the truth definition. 
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isTrueAt :: State -> EM -> Form -> Bool 

isTrueAt w m Top = True 

isTrueAt w m@(Mo worlds val ags acc pts) (Prop p) = 
elem p (concat [ props | (w’,props) <- val, w’==w ]) 

isTrueAt wm (Neg f) = not (isTrueAt wm f) 

isTrueAt w m (Conj fs) = and (map (isTrueAt w m) fs) 

isTrueAt wm (Disj fs) = or (map (isTrueAt w m) fs) 


The clauses for individual knowledge, general knowledge and common 
knowledge use the functions alternatives, groupAlts and commonAlts to 
compute the relevant accessible worlds: 


isTrueAt w m@(Mo worlds val ags acc pts) (K ag f) = 

and (map (flip ((flip isTrueAt) m) f) (alternatives acc ag w)) 
isTrueAt w m@(Mo worlds val ags acc pts) (EK agents f) = 

and (map (flip ((flip isTrueAt) m) f) (groupAlts acc agents w)) 
isTrueAt w m@(Mo worlds val ags acc pts) (CK agents f) = 

and (map (flip ((flip isTrueAt) m) f) (commonAlts acc agents w)) 


In the clause for [M]y, the result of updating the static model M with 
action model M may be undefined, but in this case the precondition P(so) 
of the designated state sg of M will fail in the designated world wọ of M. By 
making the clause for [M]y check for M Hw, P(so), truth can be defined 
as a total function. 


isTrueAt w m@(Mo worlds val ags rel pts) (Up am f) = 
and [ isTrue m’ f | 
m?’ <- decompose (upd (Mo worlds val ags rel [w]) (\ ags -> am))] 


Checking for truth in all the designated points of an epistemic model: 


isTrue :: EM -> Form -> Bool 
isTrue (Mo worlds val ags rel pts) form = 
and [ isTrueAt w (Mo worlds val ags rel pts) form | w <- pts ] 


8.2 Tools for constructing epistemic models 


The following function constructs an initial epistemic model where the 
agents are completely ignorant about their situation, as described by a list 
of basic propositions. The input is a list of basic propositions used for 
constructing the valuations. 


initE :: [Prop] -> [Agent] -> EM 
initE allProps ags = (Mo worlds val ags accs points) 


where 
worlds = [0..(2°k - 1)] 
k = length allProps 
val = zip worlds (sortL (powerList allProps) ) 
accs = [ (ag,sti,st2) | ag <- ags, 
sti <- worlds, 
st2 <- worlds J] 


points = worlds 
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This uses the following utilities: 


powerList :: [a] -> [[a]] 
powerList [] = [C] 
powerList (x:xs) = (powerList xs) ++ (map (x:) (powerList xs)) 


sortL :: Ord a => [[a]] -> [[a]] 

sortL = sortBy (\ xs ys -> if length xs < length ys then LT 
else if length xs > length ys then GT 
else compare xs ys) 


Some initial models: 


e00 :: EM 
e00 = initE [P 0] [a,b] 


e0 :: EM 
e0 = initE [P 0,Q 0] [a,b,c] 


8.3 From communicative actions to action models 
Computing the update for a public announcement: 


public :: Form -> FAM 
public form ags = 
(Mo [0] [(0,form)] ags [ (a,0,0) | a <- ags ] [0]) 


Public announcements are S5 models: 


DEMO> showM (public p [a,b,c]) 
==> [0] 

[0] 

(O,p) 

(a, [[0]]) 

(b, [[0]]) 

Cc, [[0]]) 


Computing the update for passing a group announcement to a list of 
agents: the other agents may or may not be aware of what is going on. In 
the limit case where the message is passed to all agents, the message is a 
public announcement. 


groupM :: [Agent] -> Form -> FAM 
groupM gr form agents = 
if sort gr == sort agents 
then public form agents 
else 
(Mo 
[0,1] 
[(0, form) ,(1,Top)] 
agents 
(E (a,0,0) | a <- agents ] 
++ [ (a,0,1) | a <- agents \\ gr ] 
++ [ (a,1,0) | a <- agents \\ gr ] 
++ [ (a,1,1) | a <- agents ]) 
[0]) 


342 J. van Eijck 


Group announcements are $5 models: 


Semantics> showM (groupM [a,b] p [a,b,c,d,e]) 
=> [0] 

[0,1] 

(0,p)(1,T) 

(a, [C0] , [1]]) 

Cb, [C0] , [1]]) 

(c, [[0,1]]) 

(a, [[0,1]]) 

(e, [[0,1]]) 


Computing the update for an individual message to b that ¢: 


message :: Agent -> Form -> FAM 
message agent = groupM [agent] 


Another special case of a group message is a test. Tests are updates that 
messages to the empty group: 


test :: Form -> FAM 
test = groupM [] 


Computing the update for passing a secret message to a list of agents: 
the other agents remain unaware of the fact that something goes on. In the 
limit case where the secret is divulged to all agents, the secret becomes a 
public update. 


secret :: [Agent] -> Form -> FAM 
secret agents form all_agents = 
if sort agents == sort all_agents 
then public form agents 
else 
(Mo 
[0,1] 
[(0,form) ,(1,Top)] 
all_agents 
(E (a,0,0) | a <- agents ] 
++ [ (a,0,1) | a <- all_agents \\ agents ] 
++ [ (a,1,1) | a <- all_agents 1) 
[0]) 


Secret messages are KD45 models: 


DEMO> showM (secret [a,b] p [a,b,c]) 
==> [0] 

[0,1] 

(0,p)(1,T) 

(a, [CE], [0]) , CE] , [1])]) 

(b, [CE], [0]) , CE] , [1])]) 

Cc, [CE0], [1])]) 
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Here is a multiple pointed action model for the communicative action of 
revealing one of a number of alternatives to a list of agents, in such a way 
that it is common knowledge that one of the alternatives gets revealed (in 
[Ba4Mo3S0103] this is called common knowledge of alternatives). 


reveal :: [Agent] -> [Form] -> FAM 
reveal ags forms all_agents = 
(Mo 
states 
(zip states forms) 
all_agents 
(E (ag,s,s) | s <- states, ag <- ags ] 
++ 
[ (ag,s,s’) | s <- states, s? <- states, ag <- others ]) 


states) 
where states = map fst (zip [0..] forms) 
others = all_agents \\ ags 


Here is an action model for the communication that reveals to a one of 
P1, q1;1- 


Semantics> showM (reveal [a] [p1,q1,r1] [a,b]) 
==> [0,1,2] 

[0,1,2] 

(0,p1)(1,q1)(2,r1) 

(a, [CO] , [1] , [2]]) 

(b, [[0,1,2]]) 


A group of agents B gets (transparently) informed about a formula y 
if B get to know y when ọ is true, and B get to know the negation of 
y otherwise. Transparency means that all other agents are aware of the 
fact that B get informed about y, i.e., the other agents learn that (p > 
Cey)A(-~ — Cpry). This action model can be defined in terms of reveal, 
as follows: 


info :: [Agent] -> Form -> FAM 
info agents form = 
reveal agents [form, negation form] 


An example application: 


Semantics> showM (upd e0 (info [a,b] q)) 
==> [0,1,2,3] 

[0,1,2,3] 

(0, []) (1, [p]) (2, [q] ) (3, [p,q]) 

(a, [[0,1] , [2,3]]) 

(b, [[0,1] , [2,3]]) 

(c, [[0,1,2,3]]) 


Semantics> isTrue (upd e0 (info [a,b] q)) (CK [a,b] q) 
False 

Semantics> isTrue (upd e0 (groupM [a,b] q)) (CK [a,b] q) 
True 
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Slightly different is informing a set of agents about what is actually the case 
with respect to formula g: 


infm :: EM -> [Agent] -> Form -> FAM 
infm m ags f = if isTrue m f 
then groupM ags f 
else if isTrue m (Neg f) 
then groupM ags (Neg f) 
else one 


And the corresponding thing for public announcement: 


publ :: EM -> Form -> FAM 
publ m f = if isTrue m f 
then public f 
else if isTrue m (Neg f) 
then public (Neg f) 
else one 


8.4 Operations on action models 


The trivial update action model is a special case of public announcement. 
Call this the one action model, for it behaves as 1 for the operation ® of 
action model composition. 


one :: FAM 
one = public Top 


Composition ® of multiple pointed action models. 


cmpP :: FAM -> FAM -> [Agent] -> Model (State,State) Form 
cmpP fami fam2 ags = 
(Mo nstates npre ags nsusp npoints) 
where m@(Mo states pre _ susp ss) = fami ags 
(Mo states’ pre’ _ susp’ ss’) = fam2 ags 
npoints = [ (s,s’) | s <- ss, s’ <- ss’ ] 
nstates = [ (s,s?) | s <- states, s?’ <- states’ ] 
npre = [ ((s,s’), g) | (s,f) <- pre, 
(s?,f?) <- pre’, 
<- [computePre m f f’] ] 


nsusp = [ (ag,(si,s1’),(s2,s2’)) | (ag,s1,s2) <- susp, 
(ag’,s1’,s2’) <- susp’, 
ag == ag’ ] 


The utility function for this can be described as follows: compute the 
new precondition of a state pair. If the preconditions of the two states are 
purely propositional, we know that the updates at the states commute and 
that their combined precondition is the conjunction of the two preconditions, 
provided this conjunction is not a contradiction. If one of the states has a 
precondition that is not purely propositional, we have to take the epistemic 
effect of the update into account in the new precondition. 
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computePre :: AM -> Form -> Form -> Form 
computePre m g g’ | pureProp conj = conj 
| otherwise = Conj [ g, Neg (Up m (Neg g’)) ] 
where conj = canonF (Conj [g,g’]) 


Compose pairs of multiple pointed action models, and reduce the result to 
its simplest possible form under action emulation. 


cmpFAM :: FAM -> FAM -> FAM 
-- cmpFAM fam fam’ ags = aePmod (cmpP fam fam’ ags) 
cmpFAM fam fam’ ags = conv (cmpP fam fam’ ags) 


Use one as unit for composing lists of FAMs: 


cmp :: [FAM] -> FAM 
cmp = foldl cmpFAM one 


Here is the result of composing two messages: 


Semantics> showM (cmp [groupM [a,b] p, groupM [b,c] q] [a,b,c]) 
==> [0] 

[0,1,2,3] 

(0,&[p,q]) (1, p) (2,q) (3,T) 

(a, [£0,1], [2,3]]) 

Cb, CCO] , [1] , [2], [3]]) 

(c, [[0,2] , [1,3]]) 


This gives the resulting action model. Here is the result of composing the 
messages in the reverse order. The two action models are bisimilar under 
the renaming 1 +> 2,2 — 1. 


==> [0] 

[0,1,2,3] 
(0,&[p,q])(1,q)(2,p)(3,T) 
Ca, [[0,2] , [1,3]]) 

(b, CCO] , [1] , [2] , [3]]) 

Cc, [[0,1] , [2,3]]) 


The following is an illustration of an observation from [vE;04a]: 


m2 
psi 


initE [P 0,Q 0] [a,b,c] 
Disj[Neg(K b p),q] 


Semantics> showM (upds m2 [message a psi, message b p]) 


[0,1,2,3,4,5] 

(0, []) (1, [p]) (2, [p]) (3, [q]) (4, [p,q]) 
(5, [p,q]) 

(a, [[0,1,2,3,4,5]]) 

(b, [[0,2,3,5] , [1,4]]) 
(c,[[0,1,2,3,4,5]]) 
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Semantics> showM (upds m2 [message b p, message a psi]) 
==> [7] 

[0,1,2,3,4,5,6,7,8,9,10] 

(0, []) (1, 01) (2, [p]) (3, [p]) (4, [p]) 

(5, [q]) (6, [q]) (7, [p,q]) (8, [p,q]) (9, [p,q] 

(10, [p,q]) 


(a, [[0,3,5,7,9],[1,2,4,6,8,10]]) 
(b, [[0,1,3,4,5,6,9,10],[2,7,8]]) 
(c,[[0,1,2,3,4,5,6,7,8,9,10]]) 


Power of action models: 


pow :: Int -> FAM -> FAM 
pow n fam = cmp (take n (repeat fam)) 


Non-deterministic sum © of multiple-pointed action models: 


ndSum’ :: FAM -> FAM -> FAM 
ndSum’ fami fam2 ags = (Mo states val ags acc ss) 
where 


(Mo statesi vall _ acci ssi) = fami ags 


(Mo states2 val2 _ acc2 ss2) = fam2 ags 


f =\ x -> toInteger (length states1) + x 
states2’ = map f states2 

val2’ = map (\ (x,y) -> (f x, y)) val2 
acc2’ = map (\ (x,y,z) -> (x, f y, f z)) acc2 
ss = ssi ++ map f ss2 

states = statesi ++ states2’ 

val = vali ++ val2’ 

acc = acci ++ acc2’ 


Example action models: 


amO = ndSum’ (test p) (test (Neg p)) [a,b,c] 


am1 = ndSum’ (test p) (ndSum’ (test q) (test r)) [a,b,c] 


Examples of minimization for action emulation: 


Semantics> showM amO 


[0,1,2,3] 

(0,p) (1,T) (2,-p) (3,T) 

(a, [CCO] , [1]) , ([2] , [3])]) 
Œœ, [CCO] , [1]) , C [2] , [3])]) 
(c, [CCO] , [1]) , ([2] , [3])]) 


Semantics> showM (aePmod am0) 
==> [0] 

[0] 

(0,T) 

(a, [[0]]) 

(b, C[C0]]) 

Cc, [L0]]) 
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Semantics> showM ami 

==> [0,2,4] 

[0,1,2,3,4,5] 

(0,p) (1,T) (2,q) (3,T) (4,r) 

(5,T) 

(a, [¢(0] , [1]) , ([2] , (3]) , ([4] , (51) 1) 
C, [((0] , [1]), ([2] , [3]) , ( [4] , [5])]) 
Cc, [CE0] , [1]) , ([2] , [3]) , ([4] , [5])]) 


Semantics> showM (aePmod am1) 
==> [0] 

[0,1] 

(0,v[p,&[-p,q] ,&[-p,-q,r]])(1,T) 
(a, [CE0] , [1])]) 

(b, [CE0] , [1])]) 

(c, [CE0] , [1])]) 


Non-deterministic sum © of multiple-pointed action models, reduced for 
action emulation: 


ndSum :: FAM -> FAM -> FAM 
ndSum fami fam2 ags = (ndSum’ fami fam2) ags 


Notice the difference with the definition of alternative composition of Kripke 
models for processes given in [Ho398, Ch 4]. The zero action model is the 
0 for the Ð operation, so it can be used as the base case in the following list 
version of the © operation: 


ndS :: [FAM] -> FAM 
ndS = foldl ndSum zero 


Performing a test whether y and announcing the result: 


testAnnounce :: Form -> FAM 
testAnnounce form = ndS [ cmp [ test form, public form ], 
cmp [ test (negation form), 
public (negation form)] ] 


testAnnounce form is equivalent to info all_agents form: 


Semantics> showM (testAnnounce p [a,b,c]) 
==> [0,1] 

[0,1] 

(0,p)(1,-p) 

(a, [C0] , [1]]) 

(b, [CO] , [1]]) 

Cc, [CO] , [1]]) 


Semantics> showM (info [a,b,c] p [a,b,c]) 
==> [0,1] 

[0,1] 

(0,p)(1,-p) 
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(a, [[0] , [1]]) 
œ, [[0] , [1] 1) 
Cc, [0], [1]]) 


The function testAnnounce gives the special case of revelations where 
the alternatives are a formula and its negation, and where the result is 
publicly announced. 


Note that DEMO correctly computes the result of the sequence and the 
sum of two contradictory propositional tests: 


Semantics> showM (cmp [test p, test (Neg p)] [a,b,c]) 
==> [] 
[] 


(a, []) 
(b, []) 
(c,[]) 


Semantics> showM (ndS [test p, test (Neg p)] [a,b,c]) 
==> [0] 

[0] 

(0,T) 

(a, [(0]]) 

(b, [[0]]) 

Cc, [[0]]) 


9 Examples 

9.1 The riddle of the caps 

Picture a situation? of four people a,b,c,d standing in line, with a,b,c 
looking to the left, and d looking to the right. a can see no-one else; b can 
see a; c can see a and b, and d can see no-one else. They are all wearing 
caps, and they cannot see their own cap. If it is common knowledge that 
there are two white and two black caps, then in the situation depicted in 
Figure 4, c knows what colour cap she is wearing. 

If c now announces that she knows the colour of her cap (without re- 
vealing the colour), b can infer from this that he is wearing a white cap, for 
b can reason as follows: “c knows her colour, so she must see two caps of 
the same colour. The cap I can see is white, so my own cap must be white 
as well.” In this situation b draws a conclusion from the fact that c knows 
her colour. 

In the situation depicted in Figure 5, b can draw a conclusion from the 
fact that c does not know her colour. 

In this case c announces that she does not know her colour, and b can 
infer from this that he is wearing a black cap, for b can reason as follows: 


3 See [vE1 Or05]. 


DEMO — A Demo of Epistemic Modelling 349 


Gee 


FIGURE 4. 
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FIGURE 5. 
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“c does not know her colour, so she must see two caps of different colours 
in front of her. The cap I can see is white, so my own cap must be black.” 
To account for this kind of reasoning, we use model checking for epis- 
temic updating, as follows. Proposition p; expresses the fact that the ith 
cap, counting from the left, is white. Thus, the facts of our first example 
situation are given by pı A p2 A -p3 A apa, and those of our second example 
by pi A p2 A mp3 ^ pa. 
Here is the DEMO code for this example (details to be explained below): 


module Caps where 
import DEMO 


capsInfo :: Form capsInfo = Disj [Conj [f, g, Neg h, Neg j] | 
f <- [p1, p2, p3, p4l, 
g <- [p1, p2, p3, p4] \\ [f], 
h <- [p1, p2, p3, p4] \\ [f,g], 
j <- [p1, p2, p3, p4] \\ [f,g,h], 


f<g,h<j ] 
awarenessFirstCap = info [b,c] p1 awarenessSecondCap = info [c] 
p2 
cK = Disj [K c p3, K c (Neg p3)] 
bK = Disj [K b p2, K b (Neg p2)] 
moO = upd (initE [P 1, P 2, P 3, P 4] [a,b,c,d]) (test capsInfo) 
moi = upd moO (public capsInfo) 
mo2 = upds moi [awarenessFirstCap, awarenessSecondCap] 
mo3a = upd mo2 (public cK) 
mo3b = upd mo2 (public (Neg cK)) 


An initial situation with four agents a,b,c,d and four propositions pj, 
P2, P3, Pa, with exactly two of these true, where no-one knows anything 
about the truth of the propositions, and everyone is aware of the ignorance 
of the others, is modelled like this: 


Caps> showM moO 

==> [5,6,7,8,9,10] 
[0,1,2,3,4,5,6,7,8,9,10,11,12,13, 14, 15] 

(0, []) (4, [p1]) (2, [p2]) (3, [p3]) (4, [p4]) 

(5, [p1,p2]) (6, [p1,p3]) (7, [p1,p4]) (8, [p2,p3]) (9, [p2,p4]) 
(10, [p3,p4]) (11, [p1,p2,p3]) (12, [p1,p2,p4]) (13, [p1,p3,p4]) 
(14, [p2,p3,p4]) (15, [p1,p2,p3,p4]) 

(a, [10,1,2,3,4,5,6,7,8,9,10,11,12, 13, 14,15]]) 


(b, [(0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15]]) 
(c,[(0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15]]) 
(d,[(0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15]]) 


The first line indicates that worlds 5,6,7,8,9,10 are compatible with the 
facts of the matter (the facts being that there are two white and two black 
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caps). E.g., 5 is the world where a and b are wearing the white caps. The 
second line lists all the possible worlds; there are 2* of them, since every 
world has a different valuation. The third through sixth lines give the valu- 
ations of worlds. The last four lines represent the accessibility relations for 
the agents. All accessibilities are total relations, and they are represented 
here as the corresponding partitions on the set of worlds. Thus, the igno- 
rance of the agents is reflected in the fact that for all of them all worlds are 
equivalent: none of the agents can tell any of them apart. 

The information that two of the caps are white and two are black is 
expressed by the formula 


(pı A p2 A =p3 A apa) V (pı A p3 A mp2 A apa) V (pi A pa A mp2 ^A aps) 
V (p2 A p3 A api A apa) V (p2 A pa A mpi A aps) V (p3 A pa A api A ~pa). 


A public announcement with this information has the following effect: 


Caps> showM (upd moO (public capsInfo)) 
==> [0,1,2,3,4,5] 


[0,1,2,3,4,5] 

(0, [p1,p2]) (1, [p1,p3]) (2, [p1,p4]) (3, [p2,p3]) (4, [p2,p4]) 
(5, [p3,p4]) 

(a, [[0,1,2,3,4,5]]) 

(b,[[0,1,2,3,4,5]]) 

(c,[[0,1,2,3,4,5]]) 

(a, [[0,1,2,3,4,5]]) 


Let this model be called mo1. The representation above gives the partitions 
for all the agents, showing that nobody knows anything. A perhaps more 
familiar representation for this multi-agent Kripke model is given in Figure 
6. In this picture, all worlds are connected for all agents, all worlds are 
compatible with the facts of the matter (indicated by the double ovals). 

Next, we model the fact that (everyone is aware that) b can see the first 
cap and that c can see the first and the second cap, as follows: 


Caps> showM (upds moi [info [b,c] p1, info [c] p2]) 
==> [0,1,2,3,4,5] 

[0,1,2,3,4,5] 

(0, [p1,p2]) (1, [p1,p3]) (2, [p1,p4]) (3, [p2,p3]) (4, [p2,p4]) 
(5, [p3,p4]) 

(a, [[0,1,2,3,4,5]]) 

(b, [[0,1,2] , [3,4,5]]) 

Cc, [C0] , [1,2] , [3,4] , [5]]) 

(a, [[0,1,2,3,4,5]]) 


Notice that this model reveals that in case a,b wear caps of the same colour 
(situations 0 and 5), c knows the colour of all the caps, and in case a,b wear 
caps of different colours, she does not (she confuses the cases 1,2 and the 
cases 3,4). Figure 7 gives a picture representation. 
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abcd 


FIGURE 6. Caps situation where nobody knows anything about pj, po, 
P3, OY pa. 


Let this model be called mo2. Knowledge of c about her situation is 
expressed by the epistemic formula K.p3 V K.—p3, ignorance of c about 
her situation by the negation of this formula. Knowledge of b about his 
situation is expresed by Kyp2 V Ky-p2. Let bK, cK express that b,c know 
about their situation. Then updating with public announcement of cK and 
with public announcement of the negation of this have different effects: 


Caps> showM (upd mo2 (public cK)) 


[0,1] 

(0, [p1,p2]) (1, [p3,p4]) 
(a, [[0,1]]) 

(b, [C0] , [1]]>) 

Cc, [C0] , [1]]>) 

(a, [[0,1]]) 


Caps> showM (upd mo2 (public (Neg cK))) 
==> [0,1,2,3] 
[0,1,2,3] 
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FIGURE 7. Caps situation after updating with awareness of what b and c 
can see. 


(0, [p1,p3]) (1, [p1,p4]) (2, [p2,p3]) (3, [p2, p4]) 
(a, [[0,1,2,3]]) 

(b, [[0,1] , [2,3]]) 

Cc, [[0,1] , [2,3]]) 

(a, [[0,1,2,3]]) 


In both results, b knows about his situation, though: 


Caps> isTrue (upd mo2 (public cK)) bK 

True 

Caps> isTrue (upd mo2 (public (Neg cK))) bK 
True 
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9.2 Muddy children 


For this example we need four agents a,b,c,d. Four children a,b,c,d are 
sitting in a circle. They have been playing outside, and they may or may 
not have mud on their foreheads. Their father announces: “At least one 
child is muddy!” Suppose in the actual situation, both c and d are muddy. 


a bed 


O O e e 


Then at first, nobody knows whether he is muddy or not. After public 
announcement of these facts, c(d) can reason as follows. “Suppose I am 
clean. Then d(c) would have known in the first round that she was dirty. 
But she didn’t. So I am muddy.” After c,d announce that they know 
their state, a(b) can reason as follows: “Suppose I am dirty. Then c and d 
would not have known in the second round that they were dirty. But they 
knew. So I am clean.” Note that the reasoning involves awareness about 


perception. 
In the actual situation where b,c,d are dirty, we get: 
a c d 
o © @ o 
TES 
722? 
a rs T 
i A 


Reasoning of b: “Suppose I am clean. Then c and d would have known 
in the second round that they are dirty. But they didn’t know. So I am 
dirty. Similarly for c and d.” Reasoning of a: “Suppose I am dirty. Then b, 
c and d would not have known their situation in the third round. But they 
did know. So I am clean.” And so on ... [Fa+95]. 


Here is the DEMO implementation of the second case of this example, with 
b,c, d dirty. 


module Muddy where 
import DEMO 
bcd_dirty = Conj [Neg p1, p2, p3, p4] 
awareness = [info [b,c,d] p1, 
info [a,c,d] p2, 


info [a,b,d] p3, 
info [a,b,c] p4 ] 
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aK = Disj [K a p1, K a (Neg p1)] 

bK = Disj [K b p2, K b (Neg p2)] 

cK = Disj [K c p3, K c (Neg p3)] 

dk = Disj [K d p4, K d (Neg p4)] 

mu0 = upd (initE [P 1, P 2, P 3, P 4] [a,b,c,d]) (test bcd_dirty) 
mui = upds mu0 awareness 

mu2 = upd mui (public (Disj [p1, p2, p3, p4])) 

mu3 = upd mu2 (public (Conj[Neg aK, Neg bK, Neg cK, Neg dkK])) 
mu4 = upd mu3 (public (Conj[Neg aK, Neg bK, Neg cK, Neg dk])) 
mu5 = upds mu4 [public (Conj[bK, cK, dK])] 


The initial situation, where nobody knows anything, and they are all 
aware of the common ignorance (say, all children have their eyes closed, and 
they all know this) looks like this: 


Muddy> showM mu0 


[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15] 

(0, 07) (4, [p1]) (2, [p2]) (3, [p3]) (4, [p4]) 

(5, [p1,p2]) (6, [p1,p3]) (7, [p1,p4]) (8, [p2,p3]) (9, [p2,p4]) 
(10, [p3,p4]) (11, [p1,p2,p3]) (12, [p1,p2,p4]) (13, [p1,p3,p4]) 
(14, [p2,p3,p4]) (15, [p1,p2,p3,p4]) 

(a, [[0,1,2,3,4,5,6,7,8,9,10,11, 12, 13,14, 15]]) 


(b, [(0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15]]) 
(c, [(0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15]]) 
(a, [10,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15]]) 


The awareness of the children about the mud on the foreheads of the others 
is expressed in terms of update models. 


Here is the update model that expresses that b,c,d can see whether a is 
muddy or not: 


Muddy> showM (info [b,c,d] p1) 
==> [0,1] 

[0,1] 

(0,p1)(1,-p1) 

(a, [[0,1]]) 

Cb, [CO] , [1]]) 

Cc, [CO] , [1]]) 

(a, [C0] , [1]]) 


Let awareness be the list of update models expressing what happens when 
they all open their eyes and see the foreheads of the others. Then updating 
with this has the following result: 


Muddy> showM (upds mu0 awareness) 
==> [14] 
[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15] 
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(0, 01) (1, [p1]) (2, [p2]) (3, [p3]) (4, [p4]) 

(5, [p1,p2]) (6, [p1,p3]) (7, [p1,p4]) (8, [p2,p3]) (9, [p2,p4]) 
(10, [p3,p4]) (11, [p1,p2,p3]) (12, [p1,p2,p4]) (13, [p1,p3,p4]) 
(14, [p2,p3,p4]) (15, [p1,p2,p3,p4]) 

(a, [[0,1] , [2,5] , [3,6] , [4,7] , [8,11] , [9,12], [10,13], (14,1511) 
(b, [[0,2] , [1,5] , [3,8] , [4,9] , [6,11] , [7,12] , [10,14] , [13,15]]) 
Cc, [[0,3] , [1,6] , [2,8] , [4,10] , [5,11] , [7,13] , [9,14] , [12,15]]) 
(d, [[0,4] , [1,7] , [2,9] , [3,10] , [5,12] , [6,13] , [8,14] , [11,15]]) 


Call the result mui. An update of muí with the public announcement that 
at least one child is muddy gives: 


Muddy> showM (upd mul (public (Disj [p1, p2, p3, p4]))) 

==> [13] 

[0,1,2,3,4,5,6,7,8,9,10,11, 12,13, 14] 

(0, [p1J) (1, [p2]) (2, [p3]) (3, [p4]) (4, [p1,p2]) 

(5, [p1,p3]) (6, [p1,p4]) (7, [p2,p3]) (8, [p2,p4]) (9, [p3,p4]) 

(10, [p1,p2,p3]) (11, [p1,p2,p4]) (12, [p1,p3,p4]) (13, [p2,p3,p4]) 
(14, [p1,p2,p3,p4]) 


(a, [[0] , [1,4], [2,5], [3,6] , [7,10] , [8,11] , [9,12], [13,14]]) 
(bo, [[0,4] , [1] , [2,7] , [3,8] , [5,10] , [6,11] , [9,13] , [12,14]]) 
(c, [[0,5] , [1,7] , [2] , [3,9] , [4,10] , [6,12] , [8,13] , [11,14]]) 
(a, [[0,6] , [1,8] , [2,9] , [3] , [4,11] , [5,12] , [7,13] , [10,14]]) 


Figure 8 represents this situation where the double oval indicates the actual 
world). Call this model mu2, and use aK, bK,cK, dK for the formulas express- 
ing that a, b, c, d know whether they are muddy (see the code above). Then 
we get: 


Muddy> showM (upd mu2 (public (Conj[Neg aK, Neg bK, Neg cK, 
Neg dK]))) 

==> [9] 

[0,1,2,3,4,5,6,7,8,9,10] 

(0, [p1,p2]) (1, [p1,p3]) (2, [p1,p4]) (3, [p2,p3]) (4, [p2,p4]) 

(5, [p3,p4]) (6, [p1,p2,p3]) (7, [p1,p2,p4]) (8, [p1,p3,p4]) 

(9, [p2,p3,p4]) (10, [p1,p2,p3,p4]) 

(a, [0], [1] , [2] , [3,6] , [4,7] , [5,8] , [9,10]1) 

œ, [[0] , [1,6] , [2,7] , [3] , (4],(5,9],[8,10]]) 

Cc, [[0,6] , [1] , [2,8] , [3] , [4,9] , [5],[7,10]]) 

(a, [[0,7] , [1,8] , [2] , [3,9] , [4] , [5] , [6,10]]) 


This situation is represented in Figure 9. We call this model mu3, and 


update again with the same public announcement of general ignorance: 


Muddy> showM (upd mu3 (public (Conj[Neg aK, Neg bK, Neg cK, 
Neg dK]))) 

==> [3] 

[0,1,2,3,4] 

(0, [p1,p2,p3]) (1, [p1,p2,p4]) (2, [p1,p3,p4]) (3, [p2,p3,p4]) 

(4, [p1,p2,p3,p4]) 
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12:[p1,p3,p4] 


14:[p1,p2,p3,p4] 


FIGURE 8. 


4:[p2,p4] (563.941) 


az; 


10:[p1,p2,p3,p4] 


FIGURE 9. 
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(a, [0], [1] , [2] , [3,4]]) 
C, [[0] , [1] , [2,4] , [3]]) 
Cc, [C0] , [1,4] , [2] , [3]]) 
(a, [[0,4] , [1] , [2] , [3]]) 


Finally, this situation is represented in Figure 10, and the model is called 
mu4. In this model, b, c,d know about their situation: 


Muddy> isTrue mu4 (Conj [bK, cK, dK]) 
True 


0:[p1,p2,p3] 3:[p2,p3,p4] 


1:[p1,p2,p4] 2:[p1,p3,p4] 
d c b 


4:[p1,p2,p3,p4] 


FIGURE 10. 


Updating with the public announcement of this information determines 

everything: 

Muddy> showM (upd mu4 (public (Conj[bK, cK, dK]))) 

==> [0] 

[0] 

(0, [p2,p3,p4]) 

(a, [[0]]) 

(b, [[0]]) 

Cc, [[0]]) 

(a, [[0]]) 


10 Conclusion and further work 


DEMO was used for solving Hans Freudenthal’s Sum and Product puzzle by 
means of epistemic modelling in [vVDRuo Ve205]. There are many variations 
of this. See the DEMO documentation at http://www. cwi.nl/~jve/demo/ 
for descriptions and for DEMO solutions. DEMO is also good at modelling 
the kind of card problems described in [vD03], such as the Russian card 
problem. A DEMO solution to this was published in [vD+06]. DEMO was 
used for checking a version of the Dining Cryptographers protocol [Ch288], 
in [vE,;Or05]. All of these examples are part of the DEMO documentation. 

The next step is to employ DEMO for more realistic examples, such 
as checking security properties of communication protocols. To develop 
DEMO into a tool for blackbox cryptographic analysis — where the cryp- 
tographic primitives such as one-way functions, nonces, public and private 
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key encryption are taken as given. For this, a propositional base language 
is not sufficient. We should be able to express that an agent A generates a 
nonce n4, and that no-one else knows the value of the nonce, without falling 
victim to a combinatorial explosion. If nonces are 10-digit numbers then 
not knowing a particular nonce means being confused between 10!° different 
worlds. Clearly, it does not make sense to represent all of these in an im- 
plementation. What could be done, however, is represent epistemic models 
as triples (W, R, V), where V now assigns a non-contradictory proposition 
to each world. Then uncertainty about the value of n4, where the actual 
value is N, can be represented by means of two worlds, one where ng = N 
and one where ng Æ N. This could be done with basic propositions of the 
form e = M and e # M, where e ranges over cryptographic expressions, 
and M ranges over ‘big numerals’. Implementing these ideas, and putting 
DEMO to the test of analysing real-life examples is planned as future work. 
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